Описание
The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the 'frameid' parameter found in the ~/src/Package/views/shortcode-iframe.php file.
Ссылки
- PatchThird Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.2.42 (включая)
cpe:2.3:a:w3eden:download_manager:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 54%
0.00307
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the 'frameid' parameter found in the ~/src/Package/views/shortcode-iframe.php file.
EPSS
Процентиль: 54%
0.00307
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2