Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-7m4g-93cj-64cg

Опубликовано: 24 мая 2022
Источник: github
Github: Не прошло ревью

Описание

The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 0.7.25. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 0.7.25. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

Ссылки

EPSS

Процентиль: 63%
0.00447
Низкий

CVE ID

CVE-2021-39336

Дефекты

CWE-79

Связанные уязвимости

nvd логотип

CVE-2021-39336

CVSS3: 5.5
nvd
больше 4 лет назад

The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 0.7.25. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

EPSS

Процентиль: 63%
0.00447
Низкий

CVE ID

CVE-2021-39336

Дефекты

CWE-79