Описание
The Carousel Slider WordPress plugin before 2.2.10 does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embed, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacks
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.2.10 (исключая)
cpe:2.3:a:majeedraza:carousel_slider:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 50%
0.00272
Низкий
4.7 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 4.7
github
почти 2 года назад
The Carousel Slider WordPress plugin before 2.2.10 does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embed, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacks
EPSS
Процентиль: 50%
0.00272
Низкий
4.7 Medium
CVSS3
Дефекты
CWE-79