Описание
The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable to Stored Cross-Site Scripting (XSS) in the 'hotjar script' textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exploited by administrator users.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.1 (включая)
cpe:2.3:a:bluemedicinelabs:hotjar_connecticator:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 37%
0.00162
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable to Stored Cross-Site Scripting (XSS) in the 'hotjar script' textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exploited by administrator users.
EPSS
Процентиль: 37%
0.00162
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79