CVE-2021-36889

Опубликовано: 20 дек. 2021

Источник: nvd

CVSS3: 3.4

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities were discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.6).

Ссылки

https://patchstack.com/database/vulnerability/tarteaucitronjs/wordpress-tarteaucitron-js-cookies-legislation-gdpr-plugin-1-6-multiple-stored-authenticated-cross-site-scripting-xss-vulnerabilities
Third Party Advisory
https://wordpress.org/plugins/tarteaucitronjs/#developers
Release Notes
Third Party Advisory
https://patchstack.com/database/vulnerability/tarteaucitronjs/wordpress-tarteaucitron-js-cookies-legislation-gdpr-plugin-1-6-multiple-stored-authenticated-cross-site-scripting-xss-vulnerabilities
Third Party Advisory
https://wordpress.org/plugins/tarteaucitronjs/#developers
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tarteaucitron.js_-_cookies_legislation_\&_gdpr_project:tarteaucitron.js_-_cookies_legislation_\&_gdpr:*:*:*:*:*:wordpress:*:*

Версия до 1.6.1 (исключая)

EPSS

Процентиль: 53%

0.00304

Низкий

3.4 Low

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-h2mr-r867-cxv6

github

около 4 лет назад

Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities were discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.6).

EPSS

Процентиль: 53%

0.00304

Низкий

3.4 Low

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79