Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-1566

Опубликовано: 30 мая 2022
Источник: nvd
CVSS3: 4.8
CVSS2: 3.5
EPSS Низкий

Описание

The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:quotes_llama_project:quotes_llama:*:*:*:*:*:wordpress:*:*
Версия до 1.0.0 (исключая)

EPSS

Процентиль: 52%
0.00287
Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

github логотип

GHSA-q8w9-hwf9-hwwg

CVSS3: 4.8
github
больше 3 лет назад

The Quotes llama WordPress plugin through 0.7 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file

EPSS

Процентиль: 52%
0.00287
Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79