The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/10f7e892-7a91-4292-b03e-6ad75756488b | Exploit Third Party Advisory |
Configurations
History
28 Feb 2023, 02:24
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CPE | cpe:2.3:a:brainstormforce:spectra:*:*:*:*:*:wordpress:*:* | |
References | (MISC) https://wpscan.com/vulnerability/10f7e892-7a91-4292-b03e-6ad75756488b - Exploit, Third Party Advisory |
21 Feb 2023, 14:50
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-21 09:15
Updated : 2024-02-04 23:14
NVD link : CVE-2020-36656
Mitre link : CVE-2020-36656
CVE.ORG link : CVE-2020-36656
JSON object : View
Products Affected
brainstormforce
- spectra
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')