CVE-2021-42549

Опубликовано: 13 дек. 2021

Источник: nvd

CVSS3: 4.7

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Insufficient Input Validation in the search functionality of Wordpress plugin Lets-Box prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.

Ссылки

https://www.wpcloudplugins.com/wp-content/plugins/lets-box/_documentation/index.html#releasenotes
Third Party Advisory
https://www.wpcloudplugins.com/wp-content/plugins/lets-box/_documentation/index.html#releasenotes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpcloudplugins:lets-box:*:*:*:*:*:wordpress:*:*

Версия до 1.15.3 (исключая)

EPSS

Процентиль: 73%

0.00782

Низкий

4.7 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-vvwh-jqqq-8v6c

github

около 4 лет назад

Insufficient Input Validation in the search functionality of Wordpress plugin Lets-Box prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.

EPSS

Процентиль: 73%

0.00782

Низкий

4.7 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79