onesignal-free-web-push-notifications Plugin up to 1.17.7 on WordPress subdomain cross site scripting

A vulnerability was found in onesignal-free-web-push-notifications Plugin up to 1.17.7 on WordPress (WordPress Plugin). It has been classified as problematic. This affects some unknown functionality. Upgrading to version 1.17.8 eliminates this vulnerability.

Field	08/31/2019 07:48 AM	08/10/2020 05:01 PM
name	onesignal-free-web-push-notifications Plugin	onesignal-free-web-push-notifications Plugin
version	<=1.17.7	<=1.17.7
platform	WordPress	WordPress
argument	subdomain	subdomain
risk	1	1
cvss2_vuldb_basescore	3.5	3.5
cvss2_vuldb_tempscore	3.0	3.0
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	M	M
cvss2_vuldb_au	S	S
cvss2_vuldb_ci	N	N
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	N	N
cvss3_meta_basescore	3.5	3.5
cvss3_meta_tempscore	3.4	3.4
cvss3_vuldb_basescore	3.5	3.5
cvss3_vuldb_tempscore	3.4	3.4
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_pr	L	L
cvss3_vuldb_ui	R	R
cvss3_vuldb_s	U	U
cvss3_vuldb_c	N	N
cvss3_vuldb_i	L	L
cvss3_vuldb_a	N	N
date	1567123200 (08/30/2019)	1567123200 (08/30/2019)
price_0day	$0-$5k	$0-$5k
name	Upgrade	Upgrade
upgrade_version	1.17.8	1.17.8
cve	CVE-2019-15827	CVE-2019-15827
cvss2_vuldb_e	ND	ND
cvss2_vuldb_rl	OF	OF
cvss2_vuldb_rc	ND	ND
cvss3_vuldb_e	X	X
cvss3_vuldb_rl	O	O
cvss3_vuldb_rc	X	X
type		WordPress Plugin
cwe	0	79 (cross site scripting)
cve_assigned		1567036800
cve_nvd_summary		The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter.

Do you want to use VulDB in your project?

Use the official API to access entries easily!