Описание
The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.1.2 does not escape the value of its Button Text setting when outputting it in an attribute in the frontend, allowing high privilege users such as admin to perform Cross-Site Scripting even when the unfiltered_html capability is disallowed.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.1.2 (исключая)
cpe:2.3:a:hu-manity:cookie_notice_\&_compliance_for_gdpr_\/_ccpa:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 51%
0.00282
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.1.2 does not escape the value of its Button Text setting when outputting it in an attribute in the frontend, allowing high privilege users such as admin to perform Cross-Site Scripting even when the unfiltered_html capability is disallowed.
EPSS
Процентиль: 51%
0.00282
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79