Описание
The Genesis Blocks WordPress plugin before 3.1.3 does not properly escape data input provided to some of its blocks, allowing using with at least contributor privileges to conduct Stored XSS attacks.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.1.3 (исключая)
cpe:2.3:a:wpengine:genesis_blocks:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 55%
0.00322
Низкий
6.8 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.8
github
почти 2 года назад
The Genesis Blocks WordPress plugin before 3.1.3 does not properly escape data input provided to some of its blocks, allowing using with at least contributor privileges to conduct Stored XSS attacks.
EPSS
Процентиль: 55%
0.00322
Низкий
6.8 Medium
CVSS3
Дефекты
CWE-79