exploitDog

CVE-2023-0421

Опубликовано: 08 мая 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link.

Ссылки

https://wpscan.com/vulnerability/a356fea0-f143-4736-b2b2-c545c525335c
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/a356fea0-f143-4736-b2b2-c545c525335c
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cloud_manager_project:cloud_manager:*:*:*:*:*:wordpress:*:*

Версия до 1.0 (включая)

EPSS

Процентиль: 71%

0.00686

Низкий

6.1 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-6jwf-2xx4-59h4

CVSS3: 6.1

github

больше 2 лет назад

The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link.

EPSS

Процентиль: 71%

0.00686

Низкий

6.1 Medium

CVSS3

Дефекты