PT-2022-7929 · Weblizar · Weblizar User Login Log Plugin

Axel Koolhaas

Published

2022-06-16

Updated

2022-06-28

CVE-2017-20056

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions weblizar User Login Log Plugin version 2.2.1

Description A vulnerability was found in the weblizar User Login Log Plugin, which has been classified as problematic. The manipulation leads to basic cross site scripting (Stored). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For weblizar User Login Log Plugin version 2.2.1, consider disabling the plugin until a patch is available to prevent exploitation of the stored cross-site scripting vulnerability. Restrict access to the plugin's functionality to minimize the risk of remote attacks.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-80CWE-79

Related Identifiers

CVE-2017-20056

Affected Products

Weblizar User Login Log Plugin

PT-2022-7929 · Weblizar · Weblizar User Login Log Plugin

CVE-2017-20056

Weakness Enumeration

Related Identifiers

Affected Products

References · 7