4.8
CVE-2019-16522
- EPSS 1.03%
- Veröffentlicht 16.10.2019 15:15:15
- Zuletzt bearbeitet 21.11.2024 04:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginEU Cookie Law <= 3.1.2 - Authenticated Stored Cross-Site Scripting
The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An attacker with high privileges can attack other users.
Mögliche Gegenmaßnahme
EU Cookie Law for GDPR/CCPA: Update to version 3.1.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Eu Cookie Law Project ≫ Eu Cookie Law SwPlatformwordpress Version <= 3.0.6
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
EU Cookie Law for GDPR/CCPA
Version
[*, 3.1.3)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.03% | 0.593 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-01_WordPress_Plugin_EU_Cookie_Law
https://wordpress.org/plugins/eu-cookie-law/#developers
https://wpvulndb.com/vulnerabilities/9918
https://www.wordfence.com/threat-intel/vulnerabilities/id/5e7cde2e-28e6-417a-900a-38d0a77800d3