Описание
The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.3.4 (исключая)
cpe:2.3:a:lightpress:lightbox:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 30%
0.0011
Низкий
6.8 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.8
github
9 месяцев назад
The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks.
EPSS
Процентиль: 30%
0.0011
Низкий
6.8 Medium
CVSS3
Дефекты
CWE-79