exploitDog

GHSA-j4gg-9rwv-9gxg

Опубликовано: 17 июл. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.

The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.

Ссылки

EPSS

Процентиль: 94%

0.14858

Средний

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-2579

CVSS3: 5.4

nvd

больше 2 лет назад

The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.

EPSS

Процентиль: 94%

0.14858

Средний

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79