exploitDog

CVE-2023-6166

Опубликовано: 26 дек. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting

Ссылки

https://wpscan.com/vulnerability/e6155d9b-f6bb-4607-ad64-1976a8afe907
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/e6155d9b-f6bb-4607-ad64-1976a8afe907
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ays-pro:quiz_maker:*:*:*:*:*:wordpress:*:*

Версия до 6.4.9.5 (исключая)

EPSS

Процентиль: 31%

0.00117

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-8fxj-9pc3-pv45

CVSS3: 6.1

github

около 2 лет назад

The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting

EPSS

Процентиль: 31%

0.00117

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79