← volver
CVE-2019-25315

WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Productos afectados
anttiviljami · WP Server Log Viewer

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/anttiviljami/wp-server-log-viewerhttps://www.exploit-db.com/exploits/47419https://www.vulncheck.com/advisories/wp-server-log-viewer-logfile-persistent-cross-site-scripting