GHSA-qrqm-574x-q7f2

Опубликовано: 22 сент. 2022

Источник: github

Github: Прошло ревью

CVSS3: 5.4

Описание

Awesome Support vulnerable to persistent cross-site scripting

Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2022-38073
https://github.com/Awesome-Support/Awesome-Support/commit/85f460be88b81fbdd9a990f474a1252297902faf
https://github.com/Awesome-Support/Awesome-Support/commit/b2e831d7f831a3869cfd83eb79a398a5b5c0ec63
https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-0-7-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities
https://wordpress.org/plugins/awesome-support/#developers

Пакеты

Наименование

awesome-support/awesome-support

composer

Затронутые версииВерсия исправления

<= 6.0.7

6.0.8

EPSS

Процентиль: 52%

0.00295

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2022-38073

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-38073

CVSS3: 5.4

nvd

больше 3 лет назад

Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress.

EPSS

Процентиль: 52%

0.00295

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2022-38073

Дефекты

CWE-79