CVE-2017-17043

Опубликовано: 28 нояб. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.

Ссылки

https://packetstormsecurity.com/files/145060/wpemagmc10-xss.txt
Exploit
Third Party Advisory
VDB Entry
https://wordpress.org/support/topic/wordpress-emag-marketplace-connector-1-0-cross-site-scripting-vulnerability/
Exploit
Third Party Advisory
https://wpvulndb.com/vulnerabilities/8964
Exploit
Third Party Advisory
https://packetstormsecurity.com/files/145060/wpemagmc10-xss.txt
Exploit
Third Party Advisory
VDB Entry
https://wordpress.org/support/topic/wordpress-emag-marketplace-connector-1-0-cross-site-scripting-vulnerability/
Exploit
Third Party Advisory
https://wpvulndb.com/vulnerabilities/8964
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zitec:emag_marketplace_connector:1.0.0:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 87%

0.03568

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-936x-ffmv-qh66