exploitDog

CVE-2023-6485

Опубликовано: 01 янв. 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against high privilege users like admins

Ссылки

https://wpscan.com/vulnerability/759b3866-c619-42cc-94a8-0af6d199cc81
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/759b3866-c619-42cc-94a8-0af6d199cc81
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bplugins:html5_video_player:*:*:*:*:*:wordpress:*:*

Версия до 2.5.19 (исключая)

EPSS

Процентиль: 85%

0.02446

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-p5mw-mg37-2vrh

CVSS3: 5.4

github

около 2 лет назад

The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against high privilege users like admins

EPSS

Процентиль: 85%

0.02446

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79