chrisy TFO Graphviz Plugin up to 1.9 on WordPress tfo-graphviz-admin.php admin_page_load/admin_page cross-site scripting

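A vulnerability classified as problematic has been found in chrisy TFO Graphviz Plugin up to 1.9. Affected by this issue is the function admin_page_load/admin_page of the file tfo-graphviz-admin.php. Manipulated, invalid input can lead to cross-site scripting. Using CWE to declare the problem leads to CWE-79. The weakness was published on 2015-05-24 as 594c953a345f79e26003772093b0caafc14b92c2. The advisory is shared for download at github.com. The vulnerability is handled as CVE-2015-10131. The attack can be launched remotely. Technical details are available. There is no exploit available. The current price for an exploit is estimated at approximately USD $0-$5k. The MITRE ATT&CK project declares the attack technique as T1059.007. It is declared as not defined. The underground price for a 0-day exploit was estimated at around $0-$5k. Upgrading to version 1.10 resolves this issue. The updated version is available for download at github.com. The name of the patch is 594c953a345f79e26003772093b0caafc14b92c2. The bugfix is available for download at github.com. It is recommended to upgrade the affected component. A possible mitigation was published immediately after the disclosure of the vulnerability.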

Timeline

User

146

Field

vulnerability_cvss3_cna_basescore: 1
vulnerability_cvss2_nvd_basescore: 1
source_cve_cna: 1
vulnerability_cvss3_cna_a: 1
vulnerability_cvss3_cna_i: 1

Commit Conf

90%: 36
70%: 28
50%: 11
80%: 6

Approve Conf

90%: 36
80%: 28
70%: 17

| ID | Submitted | User | Field | Change | Remarks | Accepted | Status | C |
|---|---|---|---|---|---|---|---|---|
| 16233985 | 2024-05-07 | VulD... | cvss3_cna_basescore | 3.5 | see CVSS documentation | 2024-05-07 | Accepted | 80 |
| 16233984 | 2024-05-07 | VulD... | cvss2_nvd_basescore | 4.0 | nist.gov | 2024-05-07 | Accepted | 80 |
| 16233983 | 2024-05-07 | VulD... | cve_cna | VulDB | nvd.nist.gov | 2024-05-07 | Accepted | 70 |
| 16233982 | 2024-05-07 | VulD... | cvss3_cna_a | N | nvd.nist.gov | 2024-05-07 | Accepted | 70 |
| 16233981 | 2024-05-07 | VulD... | cvss3_cna_i | L | nvd.nist.gov | 2024-05-07 | Accepted | 70 |
| 16233980 | 2024-05-07 | VulD... | cvss3_cna_c | N | nvd.nist.gov | 2024-05-07 | Accepted | 70 |
| 16233979 | 2024-05-07 | VulD... | cvss3_cna_s | U | nvd.nist.gov | 2024-05-07 | Accepted | 70 |
| 16233978 | 2024-05-07 | VulD... | cvss3_cna_ui | R | nvd.nist.gov | 2024-05-07 | Accepted | 70 |
| 16233977 | 2024-05-07 | VulD... | cvss3_cna_pr | L | nvd.nist.gov | 2024-05-07 | Accepted | 70 |
| 16233976 | 2024-05-07 | VulD... | cvss3_cna_ac | L | nvd.nist.gov | 2024-05-07 | Accepted | 70 |
| 16233975 | 2024-05-07 | VulD... | cvss3_cna_av | N | nvd.nist.gov | 2024-05-07 | Accepted | 70 |
| 16233974 | 2024-05-07 | VulD... | cvss2_nvd_ai | N | nvd.nist.gov | 2024-05-07 | Accepted | 70 |
| 16233973 | 2024-05-07 | VulD... | cvss2_nvd_ii | P | nvd.nist.gov | 2024-05-07 | Accepted | 70 |
| 16233972 | 2024-05-07 | VulD... | cvss2_nvd_ci | N | nvd.nist.gov | 2024-05-07 | Accepted | 70 |
| 16233971 | 2024-05-07 | VulD... | cvss2_nvd_au | S | nvd.nist.gov | 2024-05-07 | Accepted | 70 |
| 16233970 | 2024-05-07 | VulD... | cvss2_nvd_ac | L | nvd.nist.gov | 2024-05-07 | Accepted | 70 |
| 16233969 | 2024-05-07 | VulD... | cvss2_nvd_av | N | nvd.nist.gov | 2024-05-07 | Accepted | 70 |
| 16233968 | 2024-05-07 | VulD... | cve_nvd_summary | A vulnerability was found in chrisy TFO Graphviz Plugin up to 1.9 on WordPress and classified as problematic. Affected by this issue is the function admin_page_load/admin_page of the file tfo-graphviz-admin.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is 594c953a345f79e26003772093b0caafc14b92c2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258620. | cve.mitre.org | 2024-05-07 | Accepted | 70 |
| 16233967 | 2024-05-07 | VulD... | cve_assigned | 1711666800 (2024-03-29) | cve.mitre.org | 2024-05-07 | Accepted | 70 |
| 15853865 | 2024-03-29 | VulD... | price_0day | $0-$5k | see exploit price documentation | 2024-03-29 | Accepted | 80 |

61 more entries are not shown
