6.1

CVE-2015-10094

Fastly Plugin api.php post cross site scripting

Fastly <= 0.97 - Reflected Cross-Site Scripting

A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The patch is identified as d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability.
Mögliche Gegenmaßnahme
Fastly: Update to version 0.98, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FastlyFastly SwPlatformwordpress Version < 0.98
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Fastly
Version *-0.97
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.55% 0.413
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cna@vuldb.com 2.4 0.9 1.4
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
cna@vuldb.com 3.3 6.4 2.9
AV:N/AC:L/Au:M/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/wp-plugins/fastly/commit/d7fe42538f4d4af500e3af9678b6b06fba731656
Patch
https://github.com/wp-plugins/fastly/releases/tag/0.98
Release Notes
https://vuldb.com/?ctiid.222326
Third Party Advisory
Permissions Required
https://vuldb.com/?id.222326
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/0042d5ba-62de-404e-9516-67cae618f684
Third Party Advisory