Описание
The Easy Table of Contents WordPress plugin before 2.0.68 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.68 (исключая)
cpe:2.3:a:magazine3:easy_table_of_contents:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 47%
0.00244
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 1 года назад
The Easy Table of Contents WordPress plugin before 2.0.68 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks.
EPSS
Процентиль: 47%
0.00244
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79