← back
CVE-2017-2285

CVE-2017-2285

CVSS 6.1 MEDIUMEPSS 1.5%CWE-79
Cross-site scripting vulnerability in Simple Custom CSS and JS prior to version 3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
SilkyPress · Simple Custom CSS and JS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jvn.jp/en/jp/JVN31459091/index.htmlhttps://plugins.trac.wordpress.org/changeset/1695440/#file6https://wordpress.org/plugins/custom-css-js/#developershttps://wpvulndb.com/vulnerabilities/8879