8 matches found
WordPress Landing Pages 1.8.4 Cross Site Scripting ( CVE-2015-4065 )
插件: https://downloads.wordpress.org/plugin/landing-pages.1.8.4.zip 漏洞文件位置在 shared/shortcodes/inbound-shortcodes.php Line 761 preview.php?sc=&post=' width="285" scrollbar='true' frameborder="0" id="inbound-shortcodes-preview" 从上述文件可以看到 GET 方式传过来的参数 post 直接输出到 html 中造成了XSS 触发 url 如下...
CVE-2015-4065
Cross-site scripting XSS vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php...
CVE-2015-4065
Summary (CVE-2015-4065) : The WordPress Landing Pages plugin (versions before 1.8.5) contains an XSS vulnerability in shared/shortcodes/inbound-shortcodes.php. An authenticated remote user can inject arbitrary script/HTML via the post parameter passed to wp-admin/post-new.php, caused by echoing u...
CVE-2015-4065
Cross-site scripting XSS vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php...
WordPress Plugin Landing Pages 1.8.4 - Multiple Vulnerabilities
WordPress Plugin Landing Pages 1.8.4 - Multiple Vulnerabilities Title: Multiple vulnerabilities in WordPress plugin "WordPress Landing Pages" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage: https://wordpress.org/plugins/landing-pages/ Active installs: 20,000+...
WordPress Landing Pages 1.8.4 Cross Site Scripting / SQL Injection Vulnerabilities
WordPress Landing Pages plugin version 1.8.4 suffers from cross site scripting and remote SQL injection vulnerabilities. Title: Multiple vulnerabilities in WordPress plugin "WordPress Landing Pages" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage:...
WordPress Plugin Landing Pages 1.8.4 - Multiple Vulnerabilities
Title: Multiple vulnerabilities in WordPress plugin "WordPress Landing Pages" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage: https://wordpress.org/plugins/landing-pages/ Active installs: 20,000+ Vulnerable version: 1.8.4 Fixed version: 1.8.5 CVE: CVE-2015-4064,...
WordPress Landing Pages 1.8.4 Cross Site Scripting / SQL Injection
Title: Multiple vulnerabilities in WordPress plugin "WordPress Landing Pages" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage: https://wordpress.org/plugins/landing-pages/ Active installs: 20,000+ Vulnerable version: 1.8.4 Fixed version: 1.8.5 CVE: CVE-2015-4064,...