All the vulnerabilities related to Unknown - Spectra
cve-2020-36656
Vulnerability from cvelistv5
Published
2023-02-21 08:50
Modified
2024-08-04 17:30
Severity ?
EPSS score ?
Summary
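The Spectra WordPress plugin before 1.15.0 does not sanitize user input before it reaches its style HTML attribute, allowing users with the Contributor role or higher to conduct stored XSS attacks via the plugin's Gutenberg blocks. The record lists every version below 1.15.0 as affected, so sites running the plugin should update to 1.15.0 or later.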
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/10f7e892-7a91-4292-b03e-6ad75756488b | exploit, vdb-entry, technical-description |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:30:08.559Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "exploit", "vdb-entry", "technical-description", "x_transferred" ], "url": "https://wpscan.com/vulnerability/10f7e892-7a91-4292-b03e-6ad75756488b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "product": "Spectra", "vendor": "Unknown", "versions": [ { "lessThan": "1.15.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lana Codes" } ], "descriptions": [ { "lang": "en", "value": "The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin\u0027s Gutenberg blocks." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-79 Cross-Site Scripting (XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-21T08:50:37.298Z", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan" }, "references": [ { "tags": [ "exploit", "vdb-entry", "technical-description" ], "url": "https://wpscan.com/vulnerability/10f7e892-7a91-4292-b03e-6ad75756488b" } ], "source": { "discovery": "EXTERNAL" }, "title": "Spectra \u003c 1.15.0 - Contributor+ Stored Cross-Side Scripting", "x_generator": { "engine": "WPScan CVE Generator" } } }, "cveMetadata": { "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2020-36656", "datePublished": "2023-02-21T08:50:37.298Z", "dateReserved": "2023-01-24T16:04:09.482Z", "dateUpdated": "2024-08-04T17:30:08.559Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }