CVE-2019-20211

Exploit

EPSS 2.58%
Veröffentlicht 13.01.2020 18:15:14
Zuletzt bearbeitet 21.11.2024 04:38:12
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

CTHthemes CityBook <= 2.3.3, TownHub <= 1.0.5, and EasyBook <= 1.2.1 - Stored Cross-Site Scripting

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website.

Mögliche Gegenmaßnahme

CityBook - Directory & Listing WordPress Theme: Update to version 2.3.4, or a newer patched version

EasyBook – Hotel & Tour Booking WordPress Theme: Update to version 1.2.2, or a newer patched version

TownHub - Directory & Listing WordPress Theme: Update to version 1.0.6, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 13

NVD 3 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cththemes ≫ Citybook SwPlatformwordpress Version < 2.3.4

Cththemes ≫ Easybook SwPlatformwordpress Version < 1.2.2

Cththemes ≫ Townhub SwPlatformwordpress Version < 1.0.6

Weitere Schwachstelleninformationen

SystemWordPress Theme

≫

Produkt CityBook - Directory & Listing WordPress Theme

Version *-2.3.3

SystemWordPress Theme

≫

Produkt EasyBook – Hotel & Tour Booking WordPress Theme

Version *-1.2.1

SystemWordPress Theme

≫

Produkt TownHub - Directory & Listing WordPress Theme

Version *-1.0.5

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.58%	0.832

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://cxsecurity.com/issue/WLB-2019120110

Third Party Advisory

Exploit

https://cxsecurity.com/issue/WLB-2019120111

Third Party Advisory

Exploit

https://cxsecurity.com/issue/WLB-2019120112

Third Party Advisory

Exploit

https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727

Third Party Advisory

https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622

Third Party Advisory

https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571

Third Party Advisory

https://wpvulndb.com/vulnerabilities/10013

Third Party Advisory

https://wpvulndb.com/vulnerabilities/10014

Third Party Advisory

https://wpvulndb.com/vulnerabilities/10018

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/788e1c5c-67a9-4b06-a2cf-15c980e83618

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-20211

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-20211

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-20211

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-20211