The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks
Metrics
Affected Vendors & Products
References
History
Sun, 27 Oct 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mappresspro mappress Maps
|
|
CPEs | cpe:2.3:a:mappresspro:mappress_maps:-:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Mappresspro mappress Maps
|
|
Metrics |
cvssV3_1
|
ssvc
|
Fri, 04 Oct 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mappresspro
Mappresspro mappress Maps For Wordpress |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:mappresspro:mappress_maps_for_wordpress:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Mappresspro
Mappresspro mappress Maps For Wordpress |
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-02-12T16:05:58.767Z
Updated: 2024-10-27T22:09:18.545Z
Reserved: 2024-01-11T11:30:33.280Z
Link: CVE-2024-0420
Vulnrichment
Updated: 2024-08-01T18:04:49.657Z
NVD
Status : Modified
Published: 2024-02-12T16:15:08.557
Modified: 2024-11-21T08:46:32.963
Link: CVE-2024-0420
Redhat
No data.