exploitDog

CVE-2023-0644

Опубликовано: 15 мая 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pushassist:push_notifications:*:*:*:*:*:wordpress:*:*

Версия до 3.0.8 (включая)

EPSS

Процентиль: 48%

0.00253

Низкий

6.1 Medium

CVSS3

Дефекты

Связанные уязвимости

CVE-2023-0644

CVSS3: 6.1

ubuntu

больше 2 лет назад

The Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

GHSA-8pvr-vj93-gj3v

CVSS3: 6.1

github

больше 2 лет назад

The Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

EPSS

Процентиль: 48%

0.00253

Низкий

6.1 Medium

CVSS3

Дефекты