exploitDog

CVE-2024-13627

Опубликовано: 17 фев. 2025

Источник: nvd

CVSS3: 4.7

EPSS Низкий

Описание

The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Ссылки

https://wpscan.com/vulnerability/f7e425a1-ae49-4ea6-abe4-42ba2713af8f/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wp-buy:owl_carousel_slider:*:*:*:*:*:wordpress:*:*

Версия до 2.2 (включая)

EPSS

Процентиль: 14%

0.00046

Низкий

4.7 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-rwgq-769w-9jq7

CVSS3: 4.7

github

12 месяцев назад

The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

EPSS

Процентиль: 14%

0.00046

Низкий

4.7 Medium

CVSS3

Дефекты

CWE-79