The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
Metrics
Affected Vendors & Products
References
History
Fri, 13 Sep 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:scriptonite:music_request_manager:*:*:*:*:*:wordpress:*:* |
Thu, 12 Sep 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Scriptonite
Scriptonite music Request Manager |
|
CPEs | cpe:2.3:a:scriptonite:music_request_manager:*:*:*:*:*:*:*:* | |
Vendors & Products |
Scriptonite
Scriptonite music Request Manager |
|
Metrics |
cvssV3_1
|
Thu, 12 Sep 2024 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | |
Title | Music Request Manager <= 1.3 - Reflected XSS | |
References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-09-12T06:00:03.607Z
Updated: 2024-09-12T18:24:13.541Z
Reserved: 2024-06-14T18:38:29.728Z
Link: CVE-2024-6018
Vulnrichment
Updated: 2024-09-12T18:23:55.616Z
NVD
Status : Analyzed
Published: 2024-09-12T06:15:23.920
Modified: 2024-09-13T16:15:14.947
Link: CVE-2024-6018
Redhat
No data.