GHSA-g22h-22vf-v6vp

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2013-2501
https://exchange.xforce.ibmcloud.com/vulnerabilities/82727
http://archives.neohapsis.com/archives/bugtraq/2013-03/0055.html
http://osvdb.org/91123
http://packetstormsecurity.com/files/120730/WordPress-Terillion-Reviews-Cross-Site-Scripting.html
http://plugins.trac.wordpress.org/changeset/683838/terillion-reviews
http://wordpress.org/extend/plugins/terillion-reviews/changelog
http://www.securityfocus.com/bid/58415

EPSS

Процентиль: 90%

0.06215

Низкий

CVE ID

CVE-2013-2501

Дефекты

CWE-79

Связанные уязвимости

CVE-2013-2501

nvd

около 12 лет назад

Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field.

EPSS

Процентиль: 90%

0.06215

Низкий

CVE ID

CVE-2013-2501

Дефекты

CWE-79