CVE-2015-5484

Опубликовано: 15 янв. 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1.0.3 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via a post.

Ссылки

http://seclists.org/fulldisclosure/2015/Jul/68
Exploit
Mailing List
Third Party Advisory
https://security.dxw.com/advisories/stored-xss-in-plotly-allows-less-privileged-users-to-insert-arbitrary-javascript-into-posts/
Third Party Advisory
https://wordpress.org/plugins/wp-plotly/changelog/
Release Notes
http://seclists.org/fulldisclosure/2015/Jul/68
Exploit
Mailing List
Third Party Advisory
https://security.dxw.com/advisories/stored-xss-in-plotly-allows-less-privileged-users-to-insert-arbitrary-javascript-into-posts/
Third Party Advisory
https://wordpress.org/plugins/wp-plotly/changelog/
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:plot:plotly:*:*:*:*:*:wordpress:*:*

Версия до 1.0.3 (исключая)

EPSS

Процентиль: 42%

0.00205

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-2vfw-8m4f-jmc8

github

больше 3 лет назад