Описание
Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.
Ссылки
- Third Party Advisory
- Product
- Product
- Release NotesVendor Advisory
- Third Party Advisory
- Product
- Product
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 6.1.0 (включая) до 6.1.7 (включая)Версия от 6.1.0 (включая) до 6.1.7 (включая)
Одно из
cpe:2.3:a:advancedcustomfields:advanced_custom_fields:*:*:*:*:-:wordpress:*:*
cpe:2.3:a:advancedcustomfields:advanced_custom_fields:*:*:*:*:pro:wordpress:*:*
EPSS
Процентиль: 97%
0.3237
Средний
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 2 лет назад
Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.
EPSS
Процентиль: 97%
0.3237
Средний
5.4 Medium
CVSS3
Дефекты
CWE-79