Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-39346

Опубликовано: 01 нояб. 2021
Источник: nvd
CVSS3: 4.8
CVSS2: 2.1
EPSS Низкий

Описание

The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.9.33. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:supsystic:easy_google_maps:*:*:*:*:*:wordpress:*:*
Версия до 1.9.33 (включая)

EPSS

Процентиль: 62%
0.00432
Низкий

4.8 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

github логотип

GHSA-44xv-8ff2-fg74

github
больше 3 лет назад

The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.9.33. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

EPSS

Процентиль: 62%
0.00432
Низкий

4.8 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-79