CVE-2019-16332

Sažetak

In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.

Reference

https://packetstormsecurity.com/files/154369/WordPress-API-Bearer-Auth-20181229-Cross-Site-Scripting.html
https://plugins.trac.wordpress.org/changeset/2152730
https://wordpress.org/plugins/api-bearer-auth/#developers
https://wpvulndb.com/vulnerabilities/9868

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

08-10-2019 - 13:54

Objavljeno

15-09-2019 - 22:15