CVE-2021-41951

ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the context of the victim's browser.

ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the context of the victim's browser.

ResourceSpace versiones anteriores a 9.6 rev 18290, está afectado por una vulnerabilidad de tipo Cross-Site Scripting reflejada en el archivo plugins/wordpress_sso/pages/index.php por medio del parámetro wordpress_user. Si un atacante es capaz de persuadir a una víctima para que visite una URL diseñada, es posible ejecutar contenido JavaScript malicioso dentro del contexto del navegador de la víctima