exploitDog

CVE-2023-4805

Опубликовано: 16 окт. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Ссылки

https://wpscan.com/vulnerability/1049e940-49b1-4236-bea2-c636f35c5647
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/1049e940-49b1-4236-bea2-c636f35c5647
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*

Версия до 2.3.0 (исключая)

EPSS

Процентиль: 30%

0.00109

Низкий

5.4 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-fj34-c7pj-j8xq

CVSS3: 5.4

github

больше 2 лет назад

The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

EPSS

Процентиль: 30%

0.00109

Низкий

5.4 Medium

CVSS3

Дефекты