CVE-2022-0431

Sažetak

The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting

Reference

https://wpscan.com/vulnerability/52bd94df-8816-48fd-8788-38d045eb57ca
https://plugins.trac.wordpress.org/changeset/2690415

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-04-2022 - 17:51

Objavljeno

04-04-2022 - 16:15