exploitDog

CVE-2017-18603

Опубликовано: 10 сент. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postman_email_log page parameter.

Ссылки

https://wordpress.org/plugins/postman-smtp/#developers
Third Party Advisory
https://www.pluginvulnerabilities.com/2017/06/29/reflected-cross-site-scripting-xss-vulnerability-in-postman-smtp/
Exploit
Third Party Advisory
https://wordpress.org/plugins/postman-smtp/#developers
Third Party Advisory
https://www.pluginvulnerabilities.com/2017/06/29/reflected-cross-site-scripting-xss-vulnerability-in-postman-smtp/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:postman-smtp_project:postman-smtp:*:*:*:*:*:wordpress:*:*

Версия до 2017-10-04 (включая)

EPSS

Процентиль: 44%

0.0021

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-hvmp-cgfq-vj7f

CVSS3: 6.1

github

больше 3 лет назад

The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postman_email_log page parameter.

EPSS

Процентиль: 44%

0.0021

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79