Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:61558
HistoryFeb 25, 2014 - 12:00 a.m.

WordPress Media File Renamer插件多个HTML注入漏洞

2014-02-2500:00:00
Root
www.seebug.org
16

EPSS

0.001

Percentile

40.0%

JSON

Bugtraq ID:65715
CVE ID:CVE-2014-2040

WordPress是一种使用PHP语言开发的博客平台,用户可以在支持PHP和MySQL数据库的服务器上架设自己的网志。

WordPress Media File Renamer插件多个脚本不正确过滤用户提交的数据,允许远程攻击者利用漏洞注入恶意脚本或HTML代码,当恶意数据被查看时,可获取敏感信息或劫持用户会话。
0
WordPress Media File Renamer V1.7.0
目前没有详细解决方案提供:
http://www.meow.fr/media-file-renamer/


                                                If a user with permission to add media or edit media uploads a file with "<script>alert(1)</script>" as the title they can XSS the site admin user.

Related

cvelist 1
packetstorm 1
prion 1
cve 1
wpvulndb 1
patchstack 1
nvd 1
securityvulns 1
cvelist
cvelist
CVE-2014-2040
2014-03-03 18:00:00
packetstorm
packetstorm
WordPress Media File Renamer 1.7.0 Cross Site Scripting
2014-02-25 00:00:00
prion
prion
Cross site scripting
2014-03-03 18:55:00
cve
cve
CVE-2014-2040
2014-03-03 18:55:03
wpvulndb
wpvulndb
Media File Renamer <= 1.7.0 - Stored Cross-Site Scripting (XSS)
2014-01-31 00:00:00
patchstack
patchstack
WordPress Media File Renamer Plugin <= 1.7.0 - Multiple XSS
2014-02-19 00:00:00
nvd
nvd
CVE-2014-2040
2014-03-03 18:55:03
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-05-05 00:00:00

EPSS

0.001

Percentile

40.0%

JSON
Related for SSV:61558
cvelist1packetstorm1prion1cve1wpvulndb1patchstack1nvd1securityvulns1