CVE-2022-27231

Sažetak

Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product.

Reference

https://wordpress.org/plugins/wp-statistics/
https://wordpress.org/plugins/wp-statistics/#developers
https://jvn.jp/en/jp/JVN15241647/index.html

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

17-06-2022 - 18:51

Objavljeno

13-06-2022 - 05:15