PT-2023-14567 · Apollotheme · Wp Page Builder

Dalii

Publicado

2023-01-31

Atualizado

2023-02-07

CVE-2022-44897

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions ApolloTheme AP PageBuilder versions through 2.4.4

Description A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the show number parameter.

Recommendations For ApolloTheme AP PageBuilder versions through 2.4.4, consider restricting access to the show number parameter to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2022-44897

Produtos afetados

Wp Page Builder

PT-2023-14567 · Apollotheme · Wp Page Builder

CVE-2022-44897

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5