CVE-2021-24787
Client Invoicing by Sprout Invoices < 19.9.7 - Admin+ Stored Cross-Site ScriptingThe Client Invoicing by Sprout Invoices WordPress plugin before 19.9.7 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
We have discovered 77 live websites that are affected by CVE-2021-24787.
Affected Software
| Product |  Sprout Invoices |
| Category | Wordpress Plugins |
| Vulnerable Domains | 77 live websites (18% of Sprout Invoices install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 14 versions ( 33% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Nov 17, 2021
- Updated - Aug 3, 2024
Credits
- Dipak Panchal
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2021-24787 United States | 40 websites |
 GB | 9 websites |
 France | 4 websites |
 Australia | 3 websites |
 Switzerland | 3 websites |
 Cyprus | 3 websites |
 Spain | 2 websites |
 Italy | 2 websites |
 Romania | 2 websites |
 Slovenia | 2 websites |
Website Distribution by TLD
Number of websites using CVE-2021-24787| .com | 54 websites |
| .fr | 3 websites |
| .co.uk | 2 websites |
| .com.au | 2 websites |
| .es | 2 websites |
| .ch | 1 websites |
| .co | 1 websites |
| .com.br | 1 websites |
| .cz | 1 websites |
| .io | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2021-24787
Top websites that are affected by CVE-2021-24787. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.****.es | Spain | **,*** | |
| ******************.com | United States | ***,*** | |
| **********.com | United States | ***,*** | |
| *******.co | United States | *,***,*** | |
| *****.com | United States | *,***,*** | |
| *************.com | GB | *,***,*** | |
| *******************.it | Italy | *,***,*** | |
| *******************.com |  Canada | *,***,*** | |
| *****.com | GB | *,***,*** | |
| **************.com | United States | *,***,*** |
FAQ
CVE-2021-24787 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Sprout Invoices
A total of 77 websites have been identified as vulnerable to CVE-2021-24787, based on global website indexing conducted by WebTechSurvey.
The Sprout Invoices is affected by the CVE-2021-24787 vulnerability.
Sprout Invoices versions up to 19.9.7 are vulnerable to CVE-2021-24787.
CVE-2021-24787 is resolved in version 19.9.7 of Sprout Invoices.