CVE-2017-9288
Published 2017-05-29
CVE-2017-9288: The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).
Priority P3 · 40 · medium · CVSS 3.0: 6.1
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EXPLOIT
EPSS: 3.98% (89.2th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| raygun | raygun4wp | < 1.8.3 | 1.8.3 |
| raygun | raygun4wp | — | — |
CVSS provenance
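| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |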
GHSA
GHSA-vc9h-6cr4-9jh7: The raygun4wp plugin before 1
ghsa_unreviewed·2022-05-24·CVSS 6.1
CVE-2017-18531 [MEDIUM] CWE-79 GHSA-vc9h-6cr4-9jh7: The raygun4wp plugin before 1
The raygun4wp plugin before 1.8.3 for WordPress has XSS in the settings, a different issue than CVE-2017-9288.
GHSA
GHSA-5vr8-8w2c-45pm: The Raygun4WP plugin 1
ghsa_unreviewed·2022-05-17
CVE-2017-9288 [MEDIUM] CWE-79 GHSA-5vr8-8w2c-45pm: The Raygun4WP plugin 1
The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).
No detection rules found.
Nuclei
WordPress Raygun4WP <=1.8.0 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2017-9288 [MEDIUM] WordPress Raygun4WP <=1.8.0 - Cross-Site Scripting
WordPress Raygun4WP alert(document.domain)"
```yaml
- type: word
  part: header
  words:
    - text/html
- type: status
  status:
    - 200
# digest: 490a00463044022070e0f9012280511e96291f55047b55dd6e34070440f97b56fbbfcc6afd69cd14022060d9b86e95b72c182b1bfd19c6a3a72d275e4e18aca4cc6c4bd731668838604d:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.
References:
- http://jgj212.blogspot.kr/2017/05/a-reflected-xss-vulnerability-in.html
- https://github.com/MindscapeHQ/raygun4wordpress/issues/16
- https://github.com/MindscapeHQ/raygun4wordpress/pull/17
- https://wpvulndb.com/vulnerabilities/8836
Published: 2017-05-29