Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-wx5g-hmg5-85r4

Опубликовано: 17 мая 2022
Источник: github
Github: Не прошло ревью

Описание

Cross-site scripting (XSS) vulnerability in library/includes/payment/paypalexpress/DoDirectPayment.php in the Spotlight (spotlightyour) plugin 4.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the paymentType parameter.

Cross-site scripting (XSS) vulnerability in library/includes/payment/paypalexpress/DoDirectPayment.php in the Spotlight (spotlightyour) plugin 4.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the paymentType parameter.

Ссылки

EPSS

Процентиль: 39%
0.00174
Низкий

CVE ID

CVE-2014-4552

Дефекты

CWE-79

Связанные уязвимости

nvd логотип

CVE-2014-4552

nvd
больше 11 лет назад

Cross-site scripting (XSS) vulnerability in library/includes/payment/paypalexpress/DoDirectPayment.php in the Spotlight (spotlightyour) plugin 4.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the paymentType parameter.

EPSS

Процентиль: 39%
0.00174
Низкий

CVE ID

CVE-2014-4552

Дефекты

CWE-79