onesignal-free-web-push-notifications Plugin up to 1.17.7 on WordPress subdomain cross site scripting
A vulnerability was found in onesignal-free-web-push-notifications Plugin up to 1.17.7 on WordPress (WordPress Plugin). It has been classified as problematic. This affects some unknown functionality. Upgrading to version 1.17.8 eliminates this vulnerability.
Field | 08/31/2019 07:48 AM | 08/10/2020 05:01 PM |
---|---|---|
name | onesignal-free-web-push-notifications Plugin | onesignal-free-web-push-notifications Plugin |
version | <=1.17.7 | <=1.17.7 |
platform | WordPress | WordPress |
argument | subdomain | subdomain |
risk | 1 | 1 |
cvss2 | 3.5 | 3.5 |
cvss2 | 3.0 | 3.0 |
cvss2 | N | N |
cvss2 | M | M |
cvss2 | S | S |
cvss2 | N | N |
cvss2 | P | P |
cvss2 | N | N |
cvss3 | 3.5 | 3.5 |
cvss3 | 3.4 | 3.4 |
cvss3 | 3.5 | 3.5 |
cvss3 | 3.4 | 3.4 |
cvss3 | N | N |
cvss3 | L | L |
cvss3 | L | L |
cvss3 | R | R |
cvss3 | U | U |
cvss3 | N | N |
cvss3 | L | L |
cvss3 | N | N |
date | 1567123200 (08/30/2019) | 1567123200 (08/30/2019) |
price | $0-$5k | $0-$5k |
name | Upgrade | Upgrade |
upgrade | 1.17.8 | 1.17.8 |
cve | CVE-2019-15827 | CVE-2019-15827 |
cvss2 | ND | ND |
cvss2 | OF | OF |
cvss2 | ND | ND |
cvss3 | X | X |
cvss3 | O | O |
cvss3 | X | X |
type | WordPress Plugin | |
cwe | 0 | 79 (cross site scripting) |
cve | 1567036800 | |
cve | The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. |
Do you want to use VulDB in your project?
Use the official API to access entries easily!