{"containers":{"cna":{"affected":[{"product":"User Registration & User Profile – Profile Builder","vendor":"Unknown","versions":[{"lessThan":"3.4.8","status":"affected","version":"3.4.8","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Akash Rajendra Patil"}],"descriptions":[{"lang":"en","value":"The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.8 does not sanitise or escape its 'Modify default Redirect Delay timer' setting, allowing high privilege users to use JavaScript code in it, even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-79","description":"CWE-79 Cross-site Scripting (XSS)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2021-08-02T10:31:59.000Z","orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan"},"references":[{"tags":["x_refsource_MISC"],"url":"https://wpscan.com/vulnerability/81e42812-93eb-480d-a2d2-5ba5e02dd0ba"}],"source":{"discovery":"UNKNOWN"},"title":"Profile Builder < 3.4.8 - Authenticated Stored XSS","x_generator":"WPScan CVE Generator","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"contact@wpscan.com","ID":"CVE-2021-24448","STATE":"PUBLIC","TITLE":"Profile Builder < 3.4.8 - Authenticated Stored XSS"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"User Registration & User Profile – Profile Builder","version":{"version_data":[{"version_affected":"<","version_name":"3.4.8","version_value":"3.4.8"}]}}]},"vendor_name":"Unknown"}]}},"credit":[{"lang":"eng","value":"Akash Rajendra Patil"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.8 does not sanitise or escape its 'Modify default Redirect Delay timer' setting, allowing high privilege users to use JavaScript code in it, even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue"}]},"generator":"WPScan CVE Generator","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-79 Cross-site Scripting (XSS)"}]}]},"references":{"reference_data":[{"name":"https://wpscan.com/vulnerability/81e42812-93eb-480d-a2d2-5ba5e02dd0ba","refsource":"MISC","url":"https://wpscan.com/vulnerability/81e42812-93eb-480d-a2d2-5ba5e02dd0ba"}]},"source":{"discovery":"UNKNOWN"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T19:28:23.855Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://wpscan.com/vulnerability/81e42812-93eb-480d-a2d2-5ba5e02dd0ba"}]}]},"cveMetadata":{"assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","assignerShortName":"WPScan","cveId":"CVE-2021-24448","datePublished":"2021-08-02T10:31:59.000Z","dateReserved":"2021-01-14T00:00:00.000Z","dateUpdated":"2024-08-03T19:28:23.855Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}