Описание
The Otter Blocks WordPress plugin before 2.6.6 does not properly escape its mainHeadings blocks' attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.6.6 (исключая)
cpe:2.3:a:themeisle:otter_blocks:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 48%
0.00247
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
почти 2 года назад
The Otter Blocks WordPress plugin before 2.6.6 does not properly escape its mainHeadings blocks' attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks.
EPSS
Процентиль: 48%
0.00247
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79