exploitDog

CVE-2022-28290

Опубликовано: 25 апр. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request

Ссылки

https://cybersecurityworks.com/zerodays/cve-2022-28290-reflected-cross-site-scripting-in-welaunch.html
Exploit
Third Party Advisory
https://cybersecurityworks.com/zerodays/cve-2022-28290-reflected-cross-site-scripting-in-welaunch.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:welaunch:wordpress_country_selector:1.6.5:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 83%

0.01901

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-wmqq-3wjj-mg5p

CVSS3: 6.1

github

почти 4 года назад

Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request

EPSS

Процентиль: 83%

0.01901

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79