exploitDog

CVE-2022-1990

Опубликовано: 27 июн. 2022

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed

Ссылки

https://wpscan.com/vulnerability/42f1bf1f-95a8-41ee-a637-88deb80ab870
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/42f1bf1f-95a8-41ee-a637-88deb80ab870
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kylephillips:nested_pages:*:*:*:*:*:wordpress:*:*

Версия до 3.1.21 (исключая)

EPSS

Процентиль: 56%

0.00338

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-xqgh-cm65-m6gj

CVSS3: 4.8

github

больше 3 лет назад

The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed

EPSS

Процентиль: 56%

0.00338

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79