CVE-2018-20462
MEDIUM NUCLEIjsmol2wp 1.07 - Cross-Site Scripting via jsmol.php data Parameter
Title source: llmExploitation Summary
CVE-2018-20462 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter.
Nuclei Templates (1)
WordPress JSmol2WP <=1.07 - Cross-Site Scripting
MEDIUMby daffainfo
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/9196
Exploit, Third Party Advisory x_refsource_misc
https://www.cbiu.cc/2018/12/WordPress%E6%8F%92%E4%BB%B6jsmol2wp%E6%BC%8F%E6%B4%9E/#%E5%8F%8D%E5%B0%84%E6%80%A7XSS
Scores
CVSS v3
6.1
EPSS
0.0399
EPSS Percentile
89.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
jsmol2wp_project/jsmol2wp
1.07
Published
Dec 25, 2018
Tracked Since
Feb 18, 2026