6.1
CVE-2013-10026
- EPSS 0.1%
- Published 02.05.2023 02:15:27
- Last modified 21.11.2024 01:48:41
- Source cna@vuldb.com
Mail Subscribe List <= 2.0.9 - Unauthenticated Stored Cross-Site Scripting
A vulnerability, which was classified as problematic, has been found in Mail Subscribe List Plugin up to 2.0.10 on WordPress. This issue affects some unknown processing of the file index.php. The manipulation of the argument sml_name/sml_email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.1 is able to address this issue. The identifier of the patch is 484970ef8285cae51d2de3bd4e4684d33c956c28. It is recommended to upgrade the affected component. The identifier VDB-227765 was assigned to this vulnerability.
Possible countermeasure
Mail Subscribe List: Update to version 2.1, or a newer patched version
Further vulnerability information
System: WordPress Plugin
Product: Mail Subscribe List
Version: * - 2.0.9
Data provided by the National Vulnerability Database (NVD)
Webfwd ≫ Mail Subscribe List, SwPlatform: wordpress, Version >= 2.0.0 <= 2.0.10
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.287 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| cna@vuldb.com | 3.5 | 2.1 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N |
| cna@vuldb.com | 4 | 8 | 2.9 | AV:N/AC:L/Au:S/C:N/I:P/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.