CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12934 – WP Code Highlight.js <= 0.6.2 - Cross-Site Request Forgery to Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-12934
19 Jul 2019 — An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljs_additional_css parameter. Se detectó un problema en el plugin wp-code-highlightjs hasta versión 0.6.2 para WordPress. wp-admin/options-general.php?page=wp-code-highlight-js permite un vulnerabilidad de tipo CSRF, como es demostrado por una carga útil de tipo XSS en el parámetro hljs_additional_css. The WP Code... • http://www.securityfocus.com/bid/109331 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •