CVE-2017-20177
3.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Summary
A vulnerability, which was classified as problematic, has been found in WangGuard Plugin 1.8.0 on WordPress. Affected by this issue is the function wangguard_users_info of the file wangguard-user-info.php of the component WGG User List Handler. The manipulation of the argument userIP leads to cross site scripting. The attack may be launched remotely. The patch is identified as 88414951e30773c8d2ec13b99642688284bf3189. It is recommended to apply a patch to fix this issue. VDB-220214 is the identifier assigned to this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | WangGuard Plugin | 1.8.0 | affected |
Weaknesses
- CWE-79: CWE-79 Cross Site Scripting
ADP Enrichment
CVE Program Container
Additional References
- https://vuldb.com/?id.220214
- https://vuldb.com/?ctiid.220214
- https://github.com/joseconti/WangGuard/pull/14
- https://github.com/joseconti/WangGuard/commit/88414951e30773c8d2ec13b99642688284bf3189
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://vuldb.com/?id.220214
- https://vuldb.com/?ctiid.220214
- https://github.com/joseconti/WangGuard/pull/14
- https://github.com/joseconti/WangGuard/commit/88414951e30773c8d2ec13b99642688284bf3189
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.