exploitDog

CVE-2018-14846

Опубликовано: 20 дек. 2018

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php.

Ссылки

https://ansawaf.blogspot.com/2018/10/cve-2018-14846-multiple-stored-xss-in.html
Exploit
Third Party Advisory
https://cwatch.comodo.com/blog/website-security/vulnerability-found-in-multiple-stored-xss-form-in-wordpress-version-1-2-5/
Exploit
Patch
Third Party Advisory
https://wpvulndb.com/vulnerabilities/9186
Exploit
Patch
Third Party Advisory
https://ansawaf.blogspot.com/2018/10/cve-2018-14846-multiple-stored-xss-in.html
Exploit
Third Party Advisory
https://cwatch.comodo.com/blog/website-security/vulnerability-found-in-multiple-stored-xss-form-in-wordpress-version-1-2-5/
Exploit
Patch
Third Party Advisory
https://wpvulndb.com/vulnerabilities/9186
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mondula:multi_step_form:*:*:*:*:*:wordpress:*:*

Версия до 1.2.8 (исключая)

EPSS

Процентиль: 44%

0.00218

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-w6m4-38f4-rjq7

CVSS3: 5.4

github

больше 3 лет назад

The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php.

EPSS

Процентиль: 44%

0.00218

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79