exploitDog

GHSA-xc5f-4vv8-gxfp

Опубликовано: 03 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue

The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue

Ссылки

EPSS

Процентиль: 82%

0.01778

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-1250

CVSS3: 6.1

nvd

почти 4 года назад

The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue

EPSS

Процентиль: 82%

0.01778

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79