漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Simple Download Monitor < 3.9.11 - Contributor+ Stored Cross-Site Scripting via Shortcodes
Vulnerability Description
The Simple Download Monitor WordPress plugin before 3.9.11 could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attack via 1) "color" or "css_class" argument of sdm_download shortcode, 2) "class" or "placeholder" argument of sdm_search_form shortcode.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
WordPress plugin 跨站脚本漏洞
Vulnerability Description
WordPress plugin是WordPress开源的一个应用插件。 Wordpress Plugin Simple Download Monitor 中存在跨站脚本漏洞,该漏洞源于。3.9.11之前的简单下载监视器WordPress插件可以允许角色低至Contributor的用户通过1)执行存储跨站点脚本攻击"color"或"css类"参数的SDM下载shortcode, 2)"class"或"placeholder"参数的SDM搜索形式shortcode。
CVSS Information
N/A
Vulnerability Type
N/A