Description

The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.

Remediation

References

CVE-2020-25628

Related Vulnerabilities

WebLogic CVE-2018-11039 Vulnerability (CVE-2018-11039)

WordPress Plugin aoringo LOG maker Cross-Site Scripting (0.1.3)

WordPress Plugin Lightbox Multiple Unspecified Vulnerabilities (2.0.7)

WordPress Plugin AI ChatBot Directory Traversal (4.9.2)

WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner 'mosmsg' and 'option' Parameters Cross-Site Scripting Vulnerabilities (3.0)

Severity

Medium

Classification

CVE-2020-25628 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities