exploitDog

GHSA-f648-43x4-7j96

Опубликовано: 30 нояб. 2021

Источник: github

Github: Не прошло ревью

Описание

The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.

The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.

Ссылки

EPSS

Процентиль: 40%

0.0018

Низкий

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-24751

CVSS3: 5.4

nvd

около 4 лет назад

The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.

EPSS

Процентиль: 40%

0.0018

Низкий

CVE ID

Дефекты

CWE-79