6.1
CVE-2019-16521
- EPSS 1.4%
- Veröffentlicht 16.10.2019 15:15:15
- Zuletzt bearbeitet 21.11.2024 04:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginBroken Link Checker <= 1.11.8 - Reflected Cross-Site Scripting
The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product.
Mögliche Gegenmaßnahme
Broken Link Checker: Update to version 1.11.9, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Managewp ≫ Broken Link Checker SwPlatformwordpress Version <= 1.11.8
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Broken Link Checker
Version
[*, 1.11.9)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.4% | 0.688 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://wordpress.org/plugins/broken-link-checker/#developers
http://www.openwall.com/lists/oss-security/2019/10/16/3
https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-02_WordPress_Plugin_Broken_Link_Checker
https://wpvulndb.com/vulnerabilities/9917
https://www.wordfence.com/threat-intel/vulnerabilities/id/9a7709fd-bb53-47a6-9fae-d5a6be513b39