exploitDog

CVE-2022-2599

Опубликовано: 29 авг. 2022

Источник: nvd

CVSS3: 6.1

EPSS Средний

Описание

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting

Ссылки

https://wpscan.com/vulnerability/276a7fc5-3d0d-446d-92cf-20060aecd0ef
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/276a7fc5-3d0d-446d-92cf-20060aecd0ef
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:anti-malware_security_and_brute-force_firewall_project:anti-malware_security_and_brute-force_firewall:*:*:*:*:*:wordpress:*:*

Версия до 4.21.83 (исключая)

EPSS

Процентиль: 97%

0.3908

Средний

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-6c8f-q735-wjp5

CVSS3: 6.1

github

больше 3 лет назад

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting

EPSS

Процентиль: 97%

0.3908

Средний

6.1 Medium

CVSS3

Дефекты

CWE-79