Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Fruitful < 3.8.2 - Stored Cross-Site Scripting
Vulnerability Description
The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored via the fruitful_theme_options_action AJAX action in versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
WordPress Theme Fruitful 跨站脚本漏洞
Vulnerability Description
WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress theme是WordPress的一款主题。 WordPress Theme Fruitful 3.8.1版本及之前版本存在跨站脚本漏洞,该漏洞源于输入清理和输出转义不足,通过 fruitful_theme_options_action AJAX 接口存储的多个参数容易受到存储跨站点脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A