CVE-2021-39319

duoFAQ - Responsive, Flat, Simple FAQ <= 1.4.8 Reflected Cross-Site Scripting

CVSS 6.1 MEDIUMEPSS 0.8%CWE-79

The duoFAQ - Responsive, Flat, Simple FAQ WordPess plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/duogeek/duogeek-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.8.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Productos afectados

duoFAQ - Responsive, Flat, Simple FAQ · duoFAQ - Responsive, Flat, Simple FAQ

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://plugins.trac.wordpress.org/browser/duofaq-responsive-flat-simple-faq/tags/1.4.8/duogeek/duogeek-panel.php#L388 https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39319