exploitDog

GHSA-72rf-chvf-8738

Опубликовано: 09 авг. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description.

The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description.

Ссылки

EPSS

Процентиль: 40%

0.00181

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-2391

CVSS3: 5.4

nvd

больше 3 лет назад

The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description.

EPSS

Процентиль: 40%

0.00181

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79