Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-hg3r-84jw-ffwc

Опубликовано: 24 фев. 2023
Источник: github
Github: Не прошло ревью
CVSS3: 4.8

Описание

The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Ссылки

EPSS

Процентиль: 84%
0.02059
Низкий

4.8 Medium

CVSS3

CVE ID

CVE-2023-0585

Дефекты

CWE-79

Связанные уязвимости

nvd логотип

CVE-2023-0585

CVSS3: 4.4
nvd
почти 3 года назад

The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

EPSS

Процентиль: 84%
0.02059
Низкий

4.8 Medium

CVSS3

CVE ID

CVE-2023-0585

Дефекты

CWE-79