exploitDog

CVE-2020-36656

Опубликовано: 21 фев. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks.

Ссылки

https://wpscan.com/vulnerability/10f7e892-7a91-4292-b03e-6ad75756488b
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/10f7e892-7a91-4292-b03e-6ad75756488b
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:brainstormforce:spectra:*:*:*:*:*:wordpress:*:*

Версия до 1.15.0 (исключая)

EPSS

Процентиль: 34%

0.00138

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-3xxh-w577-324m

CVSS3: 5.4

github

почти 3 года назад

The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks.

EPSS

Процентиль: 34%

0.00138

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79