+ Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. + Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. + Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. + Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. + Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. + Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. + Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. + Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module. + Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action. QUICK GUIDE TO ADDING A NEW -58,6 +58,6831 Do not forget port variants (linux-f10-libxml2, libxml2, etc.) +++ trunk/security/vuxml/vuln.xml 17:52:37 UTC (rev -28,7 +28,7 OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,ĮVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Next message (by thread): mports trunk/devel/libsoup: libsoup 2.52.2.Previous message (by thread): mports trunk/security/wolfssl: wolfssl 3.12.2.mports trunk/security/vuxml/vuln.xml: update vulnerability list laffer1 at laffer1 at Mports trunk/security/vuxml/vuln.xml: update vulnerability list
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |