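|Vulnerability details WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers running PHP and MySQL. WP Lead Plus X is a page builder used with it that supports building login and other pages. A cross-site scripting vulnerability exists in WordPress WP Lead Plus X 0.98 and earlier. The vulnerability stems from the web application's lack of proper validation of client-supplied data. An attacker can exploit it to execute client-side code. |References Source: MISC Link: https://www.wordfence.com/blog/2020/04/critical-vulnerabilities-in-the-wp-lead-plus-x-wordpress-plugin/ Source: nvd.nist.gov...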
Source: MISC Link: https://wordpress.org/plugins/idx-broker-platinum/#developers Source: MISC Link: https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-impress-for-idx-broker/ Source: nvd.nist.gov Link: https://nvd.nist.gov/vuln/detail/CVE-2020-9514
Source: CONFIRM Link: https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/58f3cc03d5f81cd5cc2ad8c7ba645cc486cebc05 Source: MISC Link: https://ackcent.com/blog/testlink-1.9.20-unrestricted-file-upload-and-sql-injection/ Source: nvd.nist.gov Link: https://nvd.nist.gov/vuln/detail/CVE-2020-8638
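|Vulnerability details WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers running PHP and MySQL. OneTone theme is a responsive website theme plugin used with it. A cross-site scripting vulnerability exists in the includes/theme-functions.php file of WordPress OneTone theme 3.0.6 and earlier. The vulnerability stems from the web application's lack of proper validation of client-supplied data. An attacker can exploit it to execute client-side code. |References Source: MISC Link: https://blog.nintechnet.com/unauthenticated-stored-xss-vulnerability-in-wordpress-onetone-theme-unpatched/ Source: nvd.nist.gov Link: https://nvd.nist.gov/vuln/detail/CVE-2019-17231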
Source: MISC Link: https://github.com/Leantime/leantime/pull/181 Source: CONFIRM Link: https://github.com/Leantime/leantime/security/advisories/GHSA-ww6x-rhvp-55hp Source: MISC Link: https://github.com/Leantime/leantime/commit/af0807f0b2c4c3c914b93f1c5d940e6b875f231f Source: nvd.nist.gov Link: https://nvd.nist.gov/vuln/detail/CVE-2020-5292
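|Vulnerability details Micro Focus Service Manager is a service desk software suite from the UK company Micro Focus. The software supports deploying a comprehensive IT service management (ITSM) system and standardizing management processes. A SQL injection vulnerability exists in Micro Focus SMA. The vulnerability stems from the database-backed application's lack of validation of externally supplied SQL statements. An attacker can exploit it to execute unauthorized SQL commands. The following products and versions are affected: Micro Focus SMA 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, and 2018.02. |References Source: MISC Link: https://softwaresupport.softwaregrp.com/doc/KM03630615...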
Source: MISC Link: https://wordpress.org/plugins/wpforms-lite/#developers Source: MISC Link: https://packetstormsecurity.com/files/156874/WordPress-WPForms-1.5.9-Cross-Site-Scripting.html Source: MISC Link: https://www.getastra.com/blog/911/plugin-exploit/stored-xss-vulnerability-found-in-wpforms-plugin/ Source: MISC Link: https://www.jinsonvarghese.com/stored-xss-vulnerability-found-in-wpforms-plugin/ Source: MISC Link: https://wpvulndb.com/vulnerabilities/10114 Source: www.exploit-db.com Link: https://www.exploit-db.com/exploits/48245 Source: packetstormsecurity.com Link: https://packetstormsecurity.com/files/156874/WordPress-WPForms-1.5.9-Cross-Site-Scripting.html Source: nvd.nist.gov...
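|Vulnerability details WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers running PHP and MySQL. LearnPress is a learning management system plugin used with it. A security vulnerability exists in be_teacher in the class-lp-admin-ajax.php file of WordPress LearnPress 3.2.6.5 and earlier. Via the wp-admin/admin-ajax.php?action=learnpress_be_teacher URI, an attacker can exploit it to obtain the teacher role without any permission check and access restricted data. |References Source: CONFIRM Link: https://wordpress.org/plugins/learnpress/#developers Source: nvd.nist.gov Link: https://nvd.nist.gov/vuln/detail/CVE-2020-7916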
Source: MISC Link: https://www.exploit-db.com/exploits/33394 Source: MISC Link: http://community.invisionpower.com/topic/300051-invision-power-board-305-released/ Source: MISC Link: https://www.securityfocus.com/bid/37263/info Source: MISC Link: https://packetstormsecurity.com/files/83624/Invision-Power-Board-3.0.4-Cross-Site-Scripting.html Source: nvd.nist.gov Link: https://nvd.nist.gov/vuln/detail/CVE-2009-5159
Source: MISC Link: https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-popup-builder-plugin-affecting-over-100000-sites/ Source: MISC Link: https://wpvulndb.com/vulnerabilities/10127 Source: nvd.nist.gov Link: https://nvd.nist.gov/vuln/detail/CVE-2020-10196