Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Roots soil Plugin CleanUpModule.php language_attributes cross site scripting
Vulnerability Description
A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.0.x. Affected is the function language_attributes of the file src/Modules/CleanUpModule.php. The manipulation of the argument language leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 4.1.0 is able to address this issue. The name of the patch is 0c9151e00ab047da253e5cdbfccb204dd423269d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215904.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Soil 跨站脚本漏洞
Vulnerability Description
Soil是Roots开源的一个 WordPress 插件。用于应用主题无关的前端修改。 Soil 4.1.0 之前版本存在跨站脚本漏洞,该漏洞源于文件 src/Modules/CleanUpModule.php 的函数 language_attributes,参数language的操纵导致跨站脚本。
CVSS Information
N/A
Vulnerability Type
N/A