exploitDog

GHSA-jxwv-7233-rfj5

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.8

Описание

The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed

The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed

Ссылки

EPSS

Процентиль: 82%

0.01782

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-1559

CVSS3: 4.8

nvd

больше 3 лет назад

The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed

EPSS

Процентиль: 82%

0.01782

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79