CVE-2018-0577

EPSS 1.07%
Veröffentlicht 14.05.2018 13:29:00
Zuletzt bearbeitet 21.11.2024 03:38:30
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

WP MAPS – Easiest & Most Advanced WordPress Plugin for Google Maps < 4.0.4 - Cross-Site Scripting

Cross-site scripting vulnerability in WP Google Map Plugin prior to version 4.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Mögliche Gegenmaßnahme

WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters: Update to version 4.0.4, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Flippercode ≫ Wp Google Map SwPlatformwordpress Version < 4.0.4

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters

Version [*, 4.0.4)

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.07%	0.603

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://jvn.jp/en/jp/JVN01040170/index.html

Third Party Advisory

VDB Entry

https://wordpress.org/plugins/wp-google-map-plugin/#developers

Release Notes

https://wpvulndb.com/vulnerabilities/9610

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/5aa41416-c945-489b-81a3-1222a5e24469

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-0577

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0577

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0577

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-0577