exploitDog

GHSA-578w-8w42-q6vh

Опубликовано: 26 июл. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting.

The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting.

Ссылки

EPSS

Процентиль: 92%

0.08267

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-0899

CVSS3: 6.1

nvd

больше 3 лет назад

The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting.

EPSS

Процентиль: 92%

0.08267

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79