exploitDog

CVE-2022-1396

Опубликовано: 25 апр. 2022

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed

Ссылки

https://packetstormsecurity.com/files/166531/
Exploit
Third Party Advisory
VDB Entry
https://wpscan.com/vulnerability/721ddc3e-ab24-4834-bd47-4eb6700439a9
Exploit
Third Party Advisory
https://packetstormsecurity.com/files/166531/
Exploit
Third Party Advisory
VDB Entry
https://wpscan.com/vulnerability/721ddc3e-ab24-4834-bd47-4eb6700439a9
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:donorbox:donorbox:*:*:*:*:*:wordpress:*:*

Версия до 7.1.7 (исключая)

EPSS

Процентиль: 85%

0.02402

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-jcp6-p29m-pc34

CVSS3: 4.8

github

почти 4 года назад

The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed

EPSS

Процентиль: 85%

0.02402

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79