Liferay Portal 跨站脚本漏洞

Liferay Portal is a J2EE-based portal solution from the US company Liferay. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and so on. A cross-site scripting vulnerability exis...

CVE-2012-6692

Cross-site scripting XSS vulnerability in js/wp-seo-metabox.js in the WordPress SEO by Yoast plugin before 2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the posttitle parameter to wp-admin/post-new.php, which is not properly handled in the snippet preview...

Yoast SEO <= 2.1.1 - Authenticated Stored DOM XSS

The "snippet preview" functionality of the Yoast WordPress SEO plugin was susceptible to cross-site scripting in versions before 2.2. PoC Vulnerable URL: /wp-admin/post-new.php?posttitle= Vulnerable Code wordpress-seo/js/wp-seo-metabox.js: function ystcleanstr if str == '' || str == undefined...