PT-2023-15913 · Unknown · Udx Stateless Media Plugin
Published
2023-02-13
·
Updated
2024-05-17
·
CVE-2022-4905
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
UDX Stateless Media Plugin version 3.1.1
Description
A vulnerability was found in the UDX Stateless Media Plugin. It affects the
setup wizard interface function of the file lib/classes/class-settings.php. The manipulation of the settings argument leads to cross-site scripting. The attack can be initiated remotely. Upgrading to version 3.2.0 addresses this issue.Recommendations
For UDX Stateless Media Plugin version 3.1.1, upgrade to version 3.2.0 to address the issue. As a temporary workaround, consider restricting access to the
setup wizard interface function until the upgrade is applied.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Udx Stateless Media Plugin