CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-39345

The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.1.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 60.4%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 2.1

References

Products affected by CVE-2021-39345

Cnrs » Hal » Version: N/A

cpe:2.3:a:cnrs:hal:-
Cnrs » Hal » Version: 1.1

cpe:2.3:a:cnrs:hal:1.1
Cnrs » Hal » Version: 1.2

cpe:2.3:a:cnrs:hal:1.2
Cnrs » Hal » Version: 1.3

cpe:2.3:a:cnrs:hal:1.3
Cnrs » Hal » Version: 1.4

cpe:2.3:a:cnrs:hal:1.4
Cnrs » Hal » Version: 1.4.1

cpe:2.3:a:cnrs:hal:1.4.1
Cnrs » Hal » Version: 1.4.2

cpe:2.3:a:cnrs:hal:1.4.2
Cnrs » Hal » Version: 1.4.3

cpe:2.3:a:cnrs:hal:1.4.3
Cnrs » Hal » Version: 1.4.4

cpe:2.3:a:cnrs:hal:1.4.4
Cnrs » Hal » Version: 2.0

cpe:2.3:a:cnrs:hal:2.0
Cnrs » Hal » Version: 2.0.1

cpe:2.3:a:cnrs:hal:2.0.1
Cnrs » Hal » Version: 2.0.10

cpe:2.3:a:cnrs:hal:2.0.10
Cnrs » Hal » Version: 2.0.2

cpe:2.3:a:cnrs:hal:2.0.2
Cnrs » Hal » Version: 2.0.3

cpe:2.3:a:cnrs:hal:2.0.3
Cnrs » Hal » Version: 2.0.4

cpe:2.3:a:cnrs:hal:2.0.4
Cnrs » Hal » Version: 2.0.5

cpe:2.3:a:cnrs:hal:2.0.5
Cnrs » Hal » Version: 2.0.6

cpe:2.3:a:cnrs:hal:2.0.6
Cnrs » Hal » Version: 2.0.7

cpe:2.3:a:cnrs:hal:2.0.7
Cnrs » Hal » Version: 2.0.8

cpe:2.3:a:cnrs:hal:2.0.8
Cnrs » Hal » Version: 2.0.9

cpe:2.3:a:cnrs:hal:2.0.9
Cnrs » Hal » Version: 2.1.0

cpe:2.3:a:cnrs:hal:2.1.0
Cnrs » Hal » Version: 2.1.1

cpe:2.3:a:cnrs:hal:2.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-39345

Products

Pricing

Contact Us