exploitDog

CVE-2023-6050

Опубликовано: 15 янв. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Ссылки

https://wpscan.com/vulnerability/c08e0f24-bd61-4e83-a555-363568cf0e6e
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/c08e0f24-bd61-4e83-a555-363568cf0e6e
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:estatik:estatik:*:*:*:*:*:wordpress:*:*

Версия до 4.1.1 (исключая)

EPSS

Процентиль: 34%

0.00141

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-x2vc-c3wq-5j89

CVSS3: 6.1

github

около 2 лет назад

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

EPSS

Процентиль: 34%

0.00141

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79