5.4
CVE-2020-35589
- EPSS 0.18%
- Veröffentlicht 21.12.2020 07:15:13
- Zuletzt bearbeitet 21.11.2024 05:27:39
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginLimit Login Attempts Reloaded <= 2.15.2 - Reflected Cross-Site Scripting
The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims.
Mögliche Gegenmaßnahme
Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall: Update to version 2.17.4, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall
Version
*-2.15.2
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Limitloginattempts ≫ Limit Login Attempts Reloaded SwPlatformwordpress Version < 2.17.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.396 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.