CVE-2019-17207
Summary
| CVE | CVE-2019-17207 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-10-18 16:15:00 UTC |
| Updated | 2019-10-21 18:19:00 UTC |
| Description | A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker (aka Broken Link Checker) plugin 1.11.8 for WordPress. This allows unauthorized users to inject client-side JavaScript into an admin-only WordPress page via the wp-admin/tools.php?page=view-broken-links s_filter parameter in a search action. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Managewp | Broken Link Checker | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Broken Link Checker <= 1.11.8 - Authenticated Cross-Site Scripting (XSS) | MISC | wpvulndb.com | Exploit, Third Party Advisory |
| WordPress › Broken Link Checker « WordPress Plugins | MISC | wordpress.org | Product |
| Full Disclosure: Reflected XSS via Broken Link Checker v.1.11.8 WordPress Plugin | FULLDISC | seclists.org | Exploit, Mailing List, Third Party Advisory |
| WordPress Broken Link Checker 1.11.8 Cross Site Scripting ≈ Packet Storm | MISC | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.