exploitDog

GHSA-24m8-vx7p-q7mf

Опубликовано: 06 янв. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks

The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks

Ссылки

EPSS

Процентиль: 3%

0.00018

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2024-12302

CVSS3: 6.1

nvd

10 месяцев назад

The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks

EPSS

Процентиль: 3%

0.00018

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79