CVE-2021-24316

Опубликовано: 01 июн. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise it's 's' GET parameter before output it back the page, leading to the Cross-SIte Scripting issue.

Ссылки

https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e
Exploit
Third Party Advisory
https://www.wowthemes.net/themes/mediumish-wordpress/
Product
Vendor Advisory
https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e
Exploit
Third Party Advisory
https://www.wowthemes.net/themes/mediumish-wordpress/
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wowthemes:mediumish:*:*:*:*:*:wordpress:*:*

Версия до 1.0.47 (включая)

EPSS

Процентиль: 98%

0.57424

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-9gxp-8w92-6cxw

github

больше 3 лет назад