exploitDog

CVE-2022-1217

Опубликовано: 16 мая 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.

Ссылки

https://wpscan.com/vulnerability/15875f52-7a49-44c7-8a36-b49ddf37c20c
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/15875f52-7a49-44c7-8a36-b49ddf37c20c
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:custom_tinymce_shortcode_button_project:custom_tinymce_shortcode_button:*:*:*:*:*:wordpress:*:*

Версия до 1.1 (включая)

EPSS

Процентиль: 44%

0.0021

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-vprr-8w4v-cwhx

CVSS3: 6.1

github

больше 3 лет назад

The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.

EPSS

Процентиль: 44%

0.0021

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79