exploitDog

CVE-2021-24637

Опубликовано: 20 сент. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The Google Fonts Typography WordPress plugin before 3.0.3 does not escape and sanitise some of its block settings, allowing users with as role as low as Contributor to perform Stored Cross-Site Scripting attacks via blockType (combined with content), align, color, variant and fontID argument of a Gutenberg block.

Ссылки

https://wpscan.com/vulnerability/dd2b3f22-5e8b-41cf-bcb8-d2e673e1d21e
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/dd2b3f22-5e8b-41cf-bcb8-d2e673e1d21e
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fontsplugin:fonts:*:*:*:*:*:wordpress:*:*

Версия до 3.0.3 (исключая)

EPSS

Процентиль: 42%

0.00197

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-x8c7-9c7c-54qw

github

больше 3 лет назад

The Google Fonts Typography WordPress plugin before 3.0.3 does not escape and sanitise some of its block settings, allowing users with as role as low as Contributor to perform Stored Cross-Site Scripting attacks via blockType (combined with content), align, color, variant and fontID argument of a Gutenberg block.

EPSS

Процентиль: 42%

0.00197

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79