PT-2019-7427 · Unknown · Broken-Link-Manager

Marcin Probola

Published

2019-10-10

Updated

2019-10-11

CVE-2015-9468

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions broken-link-manager plugin version 0.4.5

Description The issue concerns a cross-site scripting (XSS) flaw. It is triggered via the page parameter in a delURL action.

Recommendations For version 0.4.5, consider disabling the delURL action until a patch is available to prevent exploitation of the XSS flaw. Restrict access to the page parameter to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2015-9468

Affected Products

Broken-Link-Manager

PT-2019-7427 · Unknown · Broken-Link-Manager

CVE-2015-9468

Weakness Enumeration

Related Identifiers

Affected Products

References · 5