← volver
CVE-2021-24316

Mediumish <= 1.0.47 - Unauthenticated Reflected Cross-Site Scripting (XSS)

EPSS 6.4%CWE-79
Vexday Risk Score
18Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS EPSS 6.4%KEV nãoPoC Nuclei simMetasploit Patch
Ciclo de vida
01 jun 2021Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise it's 's' GET parameter before output it back the page, leading to the Cross-SIte Scripting issue.
Productos afectados
WowThemes · Mediumish

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txthttps://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2ehttps://www.wowthemes.net/themes/mediumish-wordpress/