CVE-2017-16815 Information
Description
installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and "logging" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://packetstormsecurity.com/files/144914/WordPress-Duplicator-Migration-1.2.28-Cross-Site-Scripting.html
https://snapcreek.com/duplicator/docs/changelog
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
6.1
Base Severity
MEDIUM