Home > Vulnerability Database > CVE-2021-34630

Mend.io Vulnerability Database

CVE-2021-34630

Good to know:

Date: July 30, 2021

In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtranslate_request_uri_var function runs at the top of all pages and echoes out the contents of $_SERVER['REQUEST_URI']. Although this uses addslashes, and most modern browsers automatically URLencode requests, this plugin is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below, or in cases where an attacker is able to modify the request en route between the client and the server, or in cases where the user is using an atypical browsing solution.

Language: PHP

Severity Score

5.0

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-34630

Url: https://plugins.svn.wordpress.org/gtranslate/tags/2.8.64/gtranslate.php

Url: https://www.mend.io/vulnerability-database/CVE-2021-34630

Severity Score

5.0

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Improper Encoding or Escaping of Output

CWE-116

Top Fix

Upgrade Version

Upgrade to version 2.8.65

Learn More

CVSS v3.1

Base Score:	5.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-34630

Good to know:

Date: July 30, 2021

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?