Description

WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers page, for a crafted server_host, server_name, or connection_parameter parameter.

Related CPE's

a

wpmailster

wp_mailster

1.6.18

*

*

*

*

wordpress

Vulnerable

References

https://www.compass-security.com/en/research/advisories/

Third Party Advisory

https://www.compass-security.com/fileadmin/Research/Advisories/2021-18_CSNC-2021-018-WPMailster_XSS_CSRF.txt

ExploitThird Party Advisory

https://www.compass-security.com/en/research/advisories/

Third Party Advisory

https://www.compass-security.com/fileadmin/Research/Advisories/2021-18_CSNC-2021-018-WPMailster_XSS_CSRF.txt

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-10-21T14:15:07.800Z

4 years ago

Last modified

2024-11-21T05:00:29.067Z

1 year ago