CVE-2022-29418

Опубликовано: 25 апр. 2022

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode plugin <= 1.0.0 on WordPress via vulnerable parameters: &ntmode_page_setting[enable-me], &ntmode_page_setting[bg-color], &ntmode_page_setting[txt-color], &ntmode_page_setting[anc_color].

Ссылки

https://patchstack.com/database/vulnerability/night-mode/wordpress-night-mode-plugin-1-0-0-authenticated-persistent-cross-site-scripting-xss-vulnerability
Third Party Advisory
https://wordpress.org/plugins/night-mode/#developers
Vendor Advisory
https://patchstack.com/database/vulnerability/night-mode/wordpress-night-mode-plugin-1-0-0-authenticated-persistent-cross-site-scripting-xss-vulnerability
Third Party Advisory
https://wordpress.org/plugins/night-mode/#developers
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:night_mode_project:night_mode:*:*:*:*:*:wordpress:*:*

Версия до 1.0.0 (включая)

EPSS

Процентиль: 68%

0.00579

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-fpw5-qfqj-36gq