exploitDog

GHSA-7c47-rxv3-c2fv

Опубликовано: 26 фев. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 7.1

Описание

The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Ссылки

EPSS

Процентиль: 29%

0.00102

Низкий

7.1 High

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2024-12878

CVSS3: 7.1

nvd

12 месяцев назад

The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

EPSS

Процентиль: 29%

0.00102

Низкий

7.1 High

CVSS3

CVE ID

Дефекты

CWE-79