6.1
CVE-2019-20211
- EPSS 0.76%
- Veröffentlicht 13.01.2020 18:15:14
- Zuletzt bearbeitet 21.11.2024 04:38:12
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginCTHthemes CityBook <= 2.3.3, TownHub <= 1.0.5, and EasyBook <= 1.2.1 - Stored Cross-Site Scripting
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website.
Mögliche Gegenmaßnahme
CityBook - Directory & Listing WordPress Theme: Update to version 2.3.4, or a newer patched version
EasyBook – Hotel & Tour Booking WordPress Theme: Update to version 1.2.2, or a newer patched version
TownHub - Directory & Listing WordPress Theme: Update to version 1.0.6, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Theme
≫
Produkt
CityBook - Directory & Listing WordPress Theme
Version
* - 2.3.3
SystemWordPress Theme
≫
Produkt
EasyBook – Hotel & Tour Booking WordPress Theme
Version
* - 1.2.1
SystemWordPress Theme
≫
Produkt
TownHub - Directory & Listing WordPress Theme
Version
* - 1.0.5
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.76% | 0.725 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.