exploitDog

CVE-2021-4227

Опубликовано: 16 янв. 2024

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section

Ссылки

https://wpscan.com/vulnerability/8d015eba-31dc-44cb-a051-4e95df782b75/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/8d015eba-31dc-44cb-a051-4e95df782b75/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:obg:ark_wysiwyg_comment_editor:*:*:*:*:*:wordpress:*:*

Версия до 2.15.6 (включая)

EPSS

Процентиль: 45%

0.00222

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-74

Связанные уязвимости

GHSA-h3w7-w9rh-w829

CVSS3: 5.3

github

около 2 лет назад

The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section

EPSS

Процентиль: 45%

0.00222

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-74