PT-2023-10628 · Unknown · Wangguard Plugin
Published: 2023-02-06 · Updated: 2024-05-17
CVE-2017-20177
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
WangGuard Plugin version 1.8.0
Description
A problematic issue has been found in the WangGuard Plugin, affecting the wangguard users info function of the wangguard-user-info.php file in the WGG User List Handler component. The manipulation of the userIP argument leads to cross-site scripting. The attack can be launched remotely.
Recommendations
For WangGuard Plugin version 1.8.0, apply a patch to fix this issue. As a temporary workaround, consider restricting the use of the wangguard users info function until a patch is available. Avoid using the userIP argument in the affected component to minimize the risk of exploitation.
Fix
XSS
Affected Products
Wangguard Plugin