exploitDog

GHSA-hgqw-hh57-7q9g

Опубликовано: 17 апр. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting

The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting

Ссылки

EPSS

Процентиль: 35%

0.00146

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-1373

CVSS3: 6.1

nvd

почти 3 года назад

The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting

EPSS

Процентиль: 35%

0.00146

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79