Описание
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue.
Ссылки
- ExploitThird Party Advisory
- Release NotesVendor Advisory
- ExploitThird Party Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.3.1 (исключая)Версия до 1.2.4 (исключая)
Одно из
cpe:2.3:a:purethemes:findeo:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:purethemes:realteo:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 98%
0.63261
Средний
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue.
EPSS
Процентиль: 98%
0.63261
Средний
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79