exploitDog

GHSA-34fj-h2m6-f295

Опубликовано: 26 мар. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact].

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact].

Ссылки

EPSS

Процентиль: 44%

0.0022

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-25612

CVSS3: 4.1

nvd

почти 4 года назад

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact].

EPSS

Процентиль: 44%

0.0022

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79