Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:61466
HistoryFeb 18, 2014 - 12:00 a.m.

Wordpress Buddypress插件'name'字段HTML注入漏洞

2014-02-1800:00:00
Root
www.seebug.org
17

0.003 Low

EPSS

Percentile

64.6%

JSON

Bugtraq ID:65555
CVE ID:CVE-2014-1888

WordPress是一种使用PHP语言开发的博客平台,用户可以在支持PHP和MySQL数据库的服务器上架设自己的网志。

Wordpress plugin Buddypress插件不正确过滤’name’字段数据,允许远程攻击者利用漏洞注入恶意脚本或HTML代码,当恶意数据被查看时,可获取敏感信息或劫持用户会话。
0
Wordpress plugin Buddypress <= 1.9.1
厂商补丁:

Wordpress

Wordpress plugin Buddypress 1.9.2已经修复该漏洞,建议用户下载更新:
http://buddypress.org


                                                1) create a group named as follows: name&quot; onmouseover=&quot;alert('xss')
2) visiting this
url:http://example.com/groups/create/step/group-details/Â causes the
alert to show on mouse over the group name field

Related

packetstorm 1
securityvulns 2
patchstack 1
wpvulndb 1
zdt 1
prion 1
cve 1
packetstorm
packetstorm
WordPress Buddypress 1.9.1 Cross Site Scripting
2014-02-14 00:00:00
securityvulns
securityvulns
Wordpress plugin Buddypress &lt;= 1.9.1 stored xss vulnerability
2014-05-05 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-05-05 00:00:00
patchstack
patchstack
WordPress BuddyPress Plugin <= 1.9.1 - XSS
2014-02-07 00:00:00
wpvulndb
wpvulndb
Buddypress <= 1.9.1 - Stored Cross-Site Scripting (XSS)
2014-08-01 10:58:44
zdt
zdt
WordPress Buddypress 1.9.1 Cross Site Scripting Vulnerability
2014-02-15 00:00:00
prion
prion
Cross site scripting
2014-03-01 00:01:00
cve
cve
CVE-2014-1888
2014-03-01 00:01:00

0.003 Low

EPSS

Percentile

64.6%

JSON
Related for SSV:61466
packetstorm1securityvulns2patchstack1wpvulndb1zdt1prion1cve1