CVE-2020-36656

Sažetak

The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks.

Reference

https://wpscan.com/vulnerability/10f7e892-7a91-4292-b03e-6ad75756488b
https://wpscan.com/vulnerability/10f7e892-7a91-4292-b03e-6ad75756488b

CVSS

Base:	5.4
Impact:	2.7
Exploitability:	2.3

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

23-04-2025 - 17:15

Objavljeno

21-02-2023 - 09:15