CVE-2017-14530

Sažetak

WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name parameter in an action=manage&do=create operation, as demonstrated by inserting XSS sequences.

Reference

https://cybersecurityworks.com/zerodays/cve-2017-14530-crony.html
https://github.com/cybersecurityworks/Disclosed/issues/9
https://wordpress.org/plugins/crony/#developers

CVSS

Base:	6.0
Impact:	6.4
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

10-11-2020 - 19:41

Objavljeno

18-09-2017 - 01:29