Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-44xv-8ff2-fg74

Опубликовано: 24 мая 2022
Источник: github
Github: Не прошло ревью

Описание

The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.9.33. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.9.33. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

Ссылки

EPSS

Процентиль: 62%
0.00432
Низкий

CVE ID

CVE-2021-39346

Дефекты

CWE-79

Связанные уязвимости

nvd логотип

CVE-2021-39346

CVSS3: 4.8
nvd
больше 4 лет назад

The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.9.33. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

EPSS

Процентиль: 62%
0.00432
Низкий

CVE ID

CVE-2021-39346

Дефекты

CWE-79