Описание
The Ebook Store WordPress plugin before 5.8015 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.8015 (исключая)
cpe:2.3:a:shopfiles:ebook_store:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 8%
0.00031
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
6 месяцев назад
The Ebook Store WordPress plugin before 5.8015 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.
EPSS
Процентиль: 8%
0.00031
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79