exploitDog

GHSA-hp5m-5cf2-6jw5

Опубликовано: 26 мар. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][].

Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][].

Ссылки

EPSS

Процентиль: 44%

0.0022

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-25611

CVSS3: 4.1

nvd

почти 4 года назад

Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][].

EPSS

Процентиль: 44%

0.0022

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79