exploitDog

GHSA-rcgg-pr6j-3pmh

Опубликовано: 16 окт. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

The ActivityPub WordPress plugin before 1.0.0 does not escape user metadata before outputting them in mentions, which could allow users with a role of Contributor and above to perform Stored XSS attacks

The ActivityPub WordPress plugin before 1.0.0 does not escape user metadata before outputting them in mentions, which could allow users with a role of Contributor and above to perform Stored XSS attacks

Ссылки

EPSS

Процентиль: 30%

0.00109

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-5057

CVSS3: 5.4

nvd

больше 2 лет назад

The ActivityPub WordPress plugin before 1.0.0 does not escape user metadata before outputting them in mentions, which could allow users with a role of Contributor and above to perform Stored XSS attacks

EPSS

Процентиль: 30%

0.00109

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79