CVE-2019-19133

Sažetak

The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a csshero_action=edit_page request because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary JavaScript in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookies or launch other attacks.

Reference

http://packetstormsecurity.com/files/155558/WordPress-CSS-Hero-4.0.3-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2019/Dec/6
https://wpvulndb.com/vulnerabilities/9966

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

09-12-2019 - 17:15

Objavljeno

04-12-2019 - 19:15