Описание
Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-general.php.
Ссылки
- Patch
- Vendor Advisory
- Patch
- Exploit
- Patch
- Vendor Advisory
- Patch
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 0.8.8 (включая)
Одно из
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.1a:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.6.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.6.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.6.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.10:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.11:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.12:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.13:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.14:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.15:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.16:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.17:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.18:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.19:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.20:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.7:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 60%
0.00397
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-general.php.
EPSS
Процентиль: 60%
0.00397
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79