PT-2021-23457 · Unknown · Resourcespace

Published: 2021-11-15 · Updated: 2024-03-06 · CVE-2021-41951

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: ResourceSpace versions prior to 9.6 rev 18290

Description: The issue allows for malicious JavaScript content to be executed within the context of a victim's browser, due to a reflected Cross-Site Scripting vulnerability. This can occur when a victim visits a crafted URL. The vulnerability is specifically located in the wordpress_user parameter of the "plugins/wordpress_sso/pages/index.php" page.

Recommendations: For versions prior to 9.6 rev 18290, update to version 9.6 rev 18290 or later to resolve the issue. As a temporary workaround, consider restricting access to the wordpress_user parameter in the affected page to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BIT-RESOURCESPACE-2021-41951
CVE-2021-41951

Affected Products

Resourcespace