exploitDog

GHSA-3hc7-7vjp-8x77

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_group_name" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue

The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_group_name" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue

Ссылки

EPSS

Процентиль: 57%

0.00357

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-24561

CVSS3: 5.4

nvd

больше 4 лет назад

The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_group_name" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue

EPSS

Процентиль: 57%

0.00357

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79