漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
APCu Manager < 4.5.0 - Unauthenticated Stored XSS via Cache Key Pollution
Vulnerability Description
The APCu Manager WordPress plugin before 4.5.0 does not escape APCu object-cache keys before rendering them in an admin-area page, leading to a Stored Cross-Site Scripting vulnerability. When a persistent object cache is enabled, cache keys derived from unsanitised user input (e.g. a transient name created by another APCu Manager WordPress plugin before 4.5.0 from an unauthenticated request) are output without escaping and execute arbitrary JavaScript in the session of an administrator viewing the page.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pierre Lannoy APCu Manager 跨站脚本漏洞
Vulnerability Description
Pierre Lannoy APCu Manager是Pierre Lannoy个人开发者的一款PHP缓存管理工具。 Pierre Lannoy APCu Manager 4.5.0之前版本存在跨站脚本漏洞,该漏洞源于未对APCu对象缓存键进行清理和转义就渲染,导致存储型跨站脚本攻击。当启用持久化对象缓存时,未经清理的用户输入(如未经验证的请求创建的临时名称)生成的缓存键在输出时未转义,可在查看页面的管理员会话中执行任意JavaScript。
CVSS Information
N/A
Vulnerability Type
N/A