6.1
CVE-2023-6268
- EPSS 0.42%
- Veröffentlicht 26.12.2023 19:15:08
- Zuletzt bearbeitet 21.11.2024 08:43:29
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginJSON Content Importer < 1.5.4 - Reflected XSS
Get Use APIs – JSON Content Importer <= 1.5.3 - Reflected Cross-Site Scripting
The JSON Content Importer WordPress plugin before 1.5.4 does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Mögliche Gegenmaßnahme
Get Use APIs – JSON Content Importer: Update to version 1.5.4, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Json-content-importer ≫ Json Content Importer SwPlatformwordpress Version < 1.5.4
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Get Use APIs – JSON Content Importer
Version
*-1.5.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.42% | 0.335 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://wpscan.com/vulnerability/15b9ab48-c038-4f2e-b823-1e374baae985
https://www.wordfence.com/threat-intel/vulnerabilities/id/777e2e60-46c3-496c-8263-f2e253014ba5