exploitDog

CVE-2023-0285

Опубликовано: 21 фев. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.

Ссылки

https://wpscan.com/vulnerability/adf09e29-baf5-4426-a281-6763c107d348
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/adf09e29-baf5-4426-a281-6763c107d348
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:devowl:real_media_library:*:*:*:*:*:wordpress:*:*

Версия до 4.18.29 (исключая)

EPSS

Процентиль: 44%

0.00215

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-73xq-fm46-h4hh

CVSS3: 5.4

github

почти 3 года назад

The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.

EPSS

Процентиль: 44%

0.00215

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79