exploitDog

GHSA-x642-vcqw-qq9v

Опубликовано: 31 окт. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Ссылки

EPSS

Процентиль: 49%

0.00257

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-4250

CVSS3: 6.1

nvd

больше 2 лет назад

The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

EPSS

Процентиль: 49%

0.00257

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79