CVE-2021-36823

Опубликовано: 23 сент. 2021

Источник: nvd

CVSS3: 6.6

CVSS3: 8.2

CVSS2: 3.5

EPSS Низкий

Описание

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cusmin AGCA - Absolutely Glamorous Custom Admin (WordPress plugin) allows Stored XSS.This issue affects AGCA - Absolutely Glamorous Custom Admin (WordPress plugin): from n/a through 6.8.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cusmin:absolutely_glamorous_custom_admin:*:*:*:*:*:wordpress:*:*

Версия до 6.8 (включая)

EPSS

Процентиль: 43%

0.00208

Низкий

6.6 Medium

CVSS3

8.2 High

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-5qj7-xwrg-68v3

CVSS3: 8.2

github

больше 3 лет назад

Authenticated Stored Cross-Site Scripting (XSS) vulnerability in WordPress Absolutely Glamorous Custom Admin plugin (versions <= 6.8). Stored XSS possible via unsanitized input fields of the plugin settings, some of the payloads could make the frontend and the backend inaccessible.

EPSS

Процентиль: 43%

0.00208

Низкий

6.6 Medium

CVSS3

8.2 High

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79