CVE-2019-6112

Опубликовано: 14 авг. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).

Ссылки

https://github.com/graphpaperpress/Sell-Media/commit/8ac8cebf332e0885863d0a25e16b4b180abedc47#diff-f16fea0a0c8cc36031ec339d02a4fb3b
Patch
Third Party Advisory
https://metamorfosec.com/Files/Advisories/METS-2020-001-A_XSS_Vulnerability_in_Sell_Media_Plugin_v2.4.1_for_WordPress.txt
Third Party Advisory
https://github.com/graphpaperpress/Sell-Media/commit/8ac8cebf332e0885863d0a25e16b4b180abedc47#diff-f16fea0a0c8cc36031ec339d02a4fb3b
Patch
Third Party Advisory
https://metamorfosec.com/Files/Advisories/METS-2020-001-A_XSS_Vulnerability_in_Sell_Media_Plugin_v2.4.1_for_WordPress.txt
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:graphpaperpress:sell_media:*:*:*:*:*:wordpress:*:*

Версия до 2.4.1 (включая)

EPSS

Процентиль: 97%

0.32802

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-5mfq-xv23-x58q

github

больше 3 лет назад