exploitDog

CVE-2021-3258

Опубликовано: 05 фев. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution.

Ссылки

https://github.com/q2a-projects/Q2A-Ultimate-SEO/commit/20069f28147c6f2c3acca4e3f6f5154537c5d536
Patch
Third Party Advisory
https://nirmaldahal.com.np/sxss-to-defacement-and-account-takeover/
Exploit
Third Party Advisory
https://www.question2answer.org/qa/58520/important-q2a-ultimate-seo-important-update
Release Notes
Vendor Advisory
https://github.com/q2a-projects/Q2A-Ultimate-SEO/commit/20069f28147c6f2c3acca4e3f6f5154537c5d536
Patch
Third Party Advisory
https://nirmaldahal.com.np/sxss-to-defacement-and-account-takeover/
Exploit
Third Party Advisory
https://www.question2answer.org/qa/58520/important-q2a-ultimate-seo-important-update
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:qa-themes:q2a_ultimate_seo:1.3:*:*:*:*:question2answer:*:*

EPSS

Процентиль: 66%

0.00521

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-rjqp-837c-gqg6

github

больше 3 лет назад

Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution.

EPSS

Процентиль: 66%

0.00521

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79