CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-02-12 22:53:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
CVEs-PoC/2021/CVE-2021-24301.md
0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00

854 B
Raw Permalink Blame History

CVE-2021-24301

Description

The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable to Stored Cross-Site Scripting (XSS) in the 'hotjar script' textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exploited by administrator users.

POC

Reference

Github

Reference in New Issue View Git Blame Copy Permalink