exploitDog

GHSA-m9r2-v6px-98w2

Опубликовано: 31 окт. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 4.8

Описание

The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Ссылки

EPSS

Процентиль: 40%

0.00179

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-5229

CVSS3: 4.8

nvd

больше 2 лет назад

The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

EPSS

Процентиль: 40%

0.00179

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79