6.1

CVE-2015-10094

Fastly <= 0.97 - Reflected Cross-Site Scripting

A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The patch is identified as d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability.
Mögliche Gegenmaßnahme
Fastly: Update to version 0.98, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Fastly
Version *-0.97
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FastlyFastly SwPlatformwordpress Version < 0.98
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.09% 0.264
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cna@vuldb.com 2.4 0.9 1.4
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
cna@vuldb.com 3.3 6.4 2.9
AV:N/AC:L/Au:M/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://vuldb.com/?ctiid.222326
Third Party Advisory
Permissions Required
https://vuldb.com/?id.222326
Third Party Advisory