CVE-2017-1000225

Опубликовано: 17 нояб. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow unauthenticated attacker to do almost anything an admin can

Ссылки

https://security.dxw.com/advisories/reflected-xss-in-relevanssi-premium-when-using-relevanssi_didyoumean-could-allow-unauthenticated-attacker-to-do-almost-anything-an-admin-can/
Exploit
Third Party Advisory
https://security.dxw.com/advisories/reflected-xss-in-relevanssi-premium-when-using-relevanssi_didyoumean-could-allow-unauthenticated-attacker-to-do-almost-anything-an-admin-can/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:relevanssi:relevanssi:1.14.8:*:*:*:premium:wordpress:*:*

EPSS

Процентиль: 69%

0.0061

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-wf65-c5xv-rh5q