exploitDog

GHSA-8vp3-gv73-jccx

Опубликовано: 17 окт. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.8

Описание

The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Ссылки

EPSS

Процентиль: 52%

0.00288

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-2563

CVSS3: 4.8

nvd

больше 3 лет назад

The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

EPSS

Процентиль: 52%

0.00288

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79