CVE-2021-42233

Опубликовано: 23 мая 2022

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting (XSS) vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur.

Ссылки

https://hackerone.com/reports/485748
Exploit
Third Party Advisory
https://hackerone.com/reports/647130
Exploit
Third Party Advisory
https://hackerone.com/reports/961046
Exploit
Third Party Advisory
https://hackerone.com/reports/485748
Exploit
Third Party Advisory
https://hackerone.com/reports/647130
Exploit
Third Party Advisory
https://hackerone.com/reports/961046
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:simple_blog_project:simple_blog:-:*:*:*:*:*:*:*

cpe:2.3:a:wondercms:wondercms:3.4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00346

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-44xf-m62f-7h7r