Описание
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.4.5 (исключая)
cpe:2.3:a:thenewsletterplugin:newsletter:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 87%
0.03183
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.
EPSS
Процентиль: 87%
0.03183
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
CWE-79