CVE-2021-42548

Опубликовано: 13 дек. 2021

Источник: nvd

CVSS3: 4.7

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Insufficient Input Validation in the search functionality of Wordpress plugin Share-one-Drive prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.

Ссылки

https://www.wpcloudplugins.com/wp-content/plugins/share-one-drive/_documentation/index.html#releasenotes
Third Party Advisory
https://www.wpcloudplugins.com/wp-content/plugins/share-one-drive/_documentation/index.html#releasenotes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpcloudplugins:share-one-drive:*:*:*:*:*:wordpress:*:*

Версия до 1.15.3 (исключая)

EPSS

Процентиль: 73%

0.00782

Низкий

4.7 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-4j93-782c-r8vm

github

около 4 лет назад

Insufficient Input Validation in the search functionality of Wordpress plugin Share-one-Drive prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.

EPSS

Процентиль: 73%

0.00782

Низкий

4.7 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79