CVE-2017-17059
Published 2017-11-29
Priority P339 · medium · 6.1 · CVSS 3.0
AV:N · AC:L · PR:N · UI:R · S:C · C:L · I:L · A:N
EXPLOIT
EPSS 3.42% · 87.4th percentile
XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| amtythumb_project | amtythumb | <= 8.1.3 | — |
CVSS provenance
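| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |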
No detection rules found.
Nuclei
WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2017-17059 [MEDIUM] WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting
WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php.
Template:
```yaml
id: CVE-2017-17059

info:
  name: WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting
  author: daffainfo
  severity: medium
  description: WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser.
  remediation: |
    Update to the latest version of amtyThumb Posts plugin or apply the patch provided by the vendor.
  reference:
    - https://github.com/NaturalIn
```
No writeups or analysis indexed.
https://github.com/NaturalIntelligence/wp-thumb-post/issues/1
https://packetstormsecurity.com/files/145044/WordPress-amtyThumb-8.1.3-Cross-Site-Scripting.html