CVE-2019-20204

Опубликовано: 02 янв. 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element.

Ссылки

http://packetstormsecurity.com/files/155973/WordPress-Postie-1.9.40-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/V1n1v131r4/Exploiting-Postie-WordPress-Plugin-/blob/master/README.md
Exploit
Third Party Advisory
https://postieplugin.com/
Product
https://wordpress.org/plugins/postie/#developers
Release Notes
Vendor Advisory
https://wpvulndb.com/vulnerabilities/10002
Third Party Advisory
http://packetstormsecurity.com/files/155973/WordPress-Postie-1.9.40-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/V1n1v131r4/Exploiting-Postie-WordPress-Plugin-/blob/master/README.md
Exploit
Third Party Advisory
https://postieplugin.com/
Product
https://wordpress.org/plugins/postie/#developers
Release Notes
Vendor Advisory
https://wpvulndb.com/vulnerabilities/10002
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:postieplugin:postie:*:*:*:*:*:wordpress:*:*

Версия до 1.9.40 (включая)

EPSS

Процентиль: 75%

0.00878

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-57qh-3r5h-qf46