Vulnerability Details CVE-2018-20462
An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.083
EPSS Ranking 91.9%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://wpvulndb.com/vulnerabilities/9196
- https://www.cbiu.cc/2018/12/WordPress%E6%8F%92%E4%BB%B6jsmol2wp%E6%BC%8F%E6%B4%9E/#%E5%8F%8D%E5%B0%84%E6%80%A7XSS
- https://wpvulndb.com/vulnerabilities/9196
- https://www.cbiu.cc/2018/12/WordPress%E6%8F%92%E4%BB%B6jsmol2wp%E6%BC%8F%E6%B4%9E/#%E5%8F%8D%E5%B0%84%E6%80%A7XSS
Products affected by CVE-2018-20462
-
cpe:2.3:a:jsmol2wp_project:jsmol2wp:1.07