Dismissed
CVE-2025-12116
6.4 MEDIUM
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
by @LeSuisse
Activity log
- Created automatic suggestion
- @LeSuisse removed 5 packages
  - driftctl
  - driftnet
  - vdrift-bin
  - haskellPackages.drifter
  - haskellPackages.drifter-sqlite
- @LeSuisse dismissed
Drift <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title
The Drift theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
Affected products
Drift
- =<1.5.0
Ignored packages (5)
pkgs.driftctl
Detect, track and alert on infrastructure drift
pkgs.driftnet
Watches network traffic, and picks out and displays JPEG and GIF images for display
pkgs.vdrift-bin
Car racing game
- nixos-unstable 2021-09-05
- nixpkgs-unstable 2021-09-05
- nixos-unstable-small 2021-09-05
- nixos-25.11 2021-09-05
- nixos-25.11-small 2021-09-05
- nixpkgs-25.11-darwin 2021-09-05
pkgs.haskellPackages.drifter
Simple schema management for arbitrary databases