Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-24x9-9gx2-3g25

Опубликовано: 12 июл. 2022
Источник: github
Github: Не прошло ревью
CVSS3: 6.1

Описание

The Awin Data Feed WordPress plugin through 1.6 does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting

The Awin Data Feed WordPress plugin through 1.6 does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting

EPSS

Процентиль: 87%
0.03501
Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVSS3: 6.1
nvd
около 3 лет назад

The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting

EPSS

Процентиль: 87%
0.03501
Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79