exploitDog

GHSA-4w3h-ggjg-2hvj

Опубликовано: 24 нояб. 2021

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin import a malicious CSV.

The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin import a malicious CSV.

Ссылки

EPSS

Процентиль: 40%

0.0018

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-24812

CVSS3: 5.4

nvd

около 4 лет назад

The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin import a malicious CSV.

EPSS

Процентиль: 40%

0.0018

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79