漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Smash Balloon Social Post Feed < 2.19.2 - Unauthenticated Stored XSS
Vulnerability Description
The Smash Balloon Social Post Feed WordPress plugin before 2.19.2 does not sanitise or escape the feedID POST parameter in its feed_locator AJAX action (available to both authenticated and unauthenticated users) before outputting a truncated version of it in the admin dashboard, leading to an unauthenticated Stored Cross-Site Scripting issue which will be executed in the context of a logged in administrator.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
WordPress 插件跨站脚本漏洞
Vulnerability Description
WordPress是WordPress(Wordpress)基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress plugin Smash Balloon Social Post Feed 存在跨站脚本漏洞,该漏洞源于在2.19.2之前的Smash Balloon Social Post Feed WordPress插件不会在它的 feed_locator AJAX 操作(经过身份验证和未经身份验证的用户都可用)中清理或转义 feedID
CVSS Information
N/A
Vulnerability Type
N/A