exploitDog

CVE-2022-1250

Опубликовано: 02 мая 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue

Ссылки

https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/
Vendor Advisory
https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718
Exploit
Third Party Advisory
https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/
Vendor Advisory
https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lifterlms:lifterlms:*:*:*:*:*:wordpress:*:*

Версия до 1.4.0 (исключая)

EPSS

Процентиль: 82%

0.01778

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-xc5f-4vv8-gxfp

CVSS3: 6.1

github

почти 4 года назад

The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue

EPSS

Процентиль: 82%

0.01778

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79