CVE-2019-6112

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Sell Media
Vendor
CVE Published:
14 August 2020

Summary

A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).

References

https://metamorfosec.com/Files/Advisories/METS-2020-001-A...
x_refsource_MISC
https://github.com/graphpaperpress/Sell-Media/commit/8ac8...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.