漏洞标题
WordPress BA Plus 插件版本 <= 1.0.3 可能受到跨站脚本(XSS)攻击。
漏洞描述信息
Aluka BA Plus - 网页生成过程中的输入不正确 ('跨站点漏洞') 漏洞影响 Aluka BA Plus - Before & After Image Slider FREE:从 n/a 到 1.0.3。
This vulnerability is called 'Cross-site Scripting' or XSS, which can allow an attacker to execute malicious scripts on a victim's web page. The Before & After Image Slider FREE version of Aluka BA Plus may be affected by this vulnerability, allowing an attacker to inject malicious code into the web page and potentially steal sensitive information or take control of the user's session.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
漏洞类别
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
漏洞标题
WordPress BA Plus Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)
漏洞描述信息
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aluka BA Plus – Before & After Image Slider FREE allows Reflected XSS.This issue affects BA Plus – Before & After Image Slider FREE: from n/a through 1.0.3.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
漏洞类别
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
漏洞标题
WordPress plugin BA Plus 跨站脚本漏洞
漏洞描述信息
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin BA Plus 存在跨站脚本漏洞,该漏洞源于输入不当中和。
CVSS信息
N/A
漏洞类别
跨站脚本