onesignal-free-web-push-notifications Plugin bis 1.17.7 auf WordPress subdomain Cross Site Scripting
Es wurde eine Schwachstelle in onesignal-free-web-push-notifications Plugin bis 1.17.7 auf WordPress (WordPress Plugin) ausgemacht. Sie wurde als problematisch eingestuft. Hiervon betroffen ist eine unbekannte Funktionalität. Ein Aktualisieren auf die Version 1.17.8 vermag dieses Problem zu lösen.
| Feld | 31.08.2019 07:48 | 10.08.2020 17:01 |
|---|---|---|
| name | onesignal-free-web-push-notifications Plugin | onesignal-free-web-push-notifications Plugin |
| version | <=1.17.7 | <=1.17.7 |
| platform | WordPress | WordPress |
| argument | subdomain | subdomain |
| risk | 1 | 1 |
| cvss2 | 3.5 | 3.5 |
| cvss2 | 3.0 | 3.0 |
| cvss2 | N | N |
| cvss2 | M | M |
| cvss2 | S | S |
| cvss2 | N | N |
| cvss2 | P | P |
| cvss2 | N | N |
| cvss3 | 3.5 | 3.5 |
| cvss3 | 3.4 | 3.4 |
| cvss3 | 3.5 | 3.5 |
| cvss3 | 3.4 | 3.4 |
| cvss3 | N | N |
| cvss3 | L | L |
| cvss3 | L | L |
| cvss3 | R | R |
| cvss3 | U | U |
| cvss3 | N | N |
| cvss3 | L | L |
| cvss3 | N | N |
| date | 1567123200 (30.08.2019) | 1567123200 (30.08.2019) |
| price | $0-$5k | $0-$5k |
| name | Upgrade | Upgrade |
| upgrade | 1.17.8 | 1.17.8 |
| cve | CVE-2019-15827 | CVE-2019-15827 |
| cvss2 | ND | ND |
| cvss2 | OF | OF |
| cvss2 | ND | ND |
| cvss3 | X | X |
| cvss3 | O | O |
| cvss3 | X | X |
| type | WordPress Plugin | |
| cwe | 0 | 79 (Cross Site Scripting) |
| cve | 1567036800 | |
| cve | The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. |
Might our Artificial Intelligence support you?
Check our Alexa App!