CVE-2019-6112

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-6112
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6112.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-6112
Published
2020-08-14T14:15:12Z
Modified
2025-01-15T01:40:59.515527Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).

References

Affected packages

Git / github.com/graphpaperpress/sell-media

Affected ranges

Type
GIT
Repo
https://github.com/graphpaperpress/sell-media
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

1.*

1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.1
1.2
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.9
1.3
1.4
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.5
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9
1.6
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9
1.7
1.8.3
1.8.4
1.8.6
1.8.7
1.9
1.9.1
1.9.2
1.9.4
1.9.5
1.9.6
1.9.7
1.9.8

2.*

2.0
2.0-hotfix
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.1
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.2
2.2.1
2.2.10
2.2.11
2.2.12
2.2.3
2.2.4
2.2.6
2.2.7
2.2.8
2.2.9
2.3
2.3.1
2.3.2
2.3.5
2.4
2.4.1

Other

settings-class