漏洞标题
页面浏览计数<2.4.9 - 组件+存储型跨站脚本
漏洞描述信息
页面查看次数 < 2.4.9 - Contributor+ 存储型跨站脚本攻击
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
漏洞类别
N/A
漏洞标题
Page View Counts < 2.4.9 - Contributor+ Stored XSS
漏洞描述信息
The Page View Count WordPress plugin before 2.4.9 does not escape the postid parameter of pvc_stats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. A post made by a contributor would still have to be approved by an admin to have the XSS triggered in the frontend, however, higher privilege users, such as editor could exploit this without the need of approval, and even when the blog disallows the unfiltered_html capability.
CVSS信息
N/A
漏洞类别
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
漏洞标题
WordPress 跨站脚本漏洞
漏洞描述信息
WordPress是WordPress(Wordpress)基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress 2.4.9 之前的Page View Count 插件存在跨站脚本漏洞,该漏洞该插件没有转义pvc_stats 短代码的postid 参数,该漏洞允许低至Contributor 角色的用户进行存储型XSS 攻击。
CVSS信息
N/A
漏洞类别
跨站脚本