Description

The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.

Remediation

References

CVE-2020-25628

Related Vulnerabilities

Atlassian Jira CVE-2019-20413 Vulnerability (CVE-2019-20413)

WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (8.1.9)

WordPress Plugin Preview E-mails for WooCommerce Cross-Site Scripting (1.6.8)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-6104)

WordPress Plugin Client Invoicing by Sprout Invoices-Easy Estimates and Invoices for WordPress Security Bypass (9.3)

Severity

Medium

Classification

CVE-2020-25628 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities