Logo
Explore Help
Sign In
admin/cve
1
0
Fork 0
You've already forked cve
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-29 01:31:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2019/CVE-2019-16520.md
0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33
2024-06-09 00:33:16 +00:00

1.1 KiB
Raw Blame History

CVE-2019-16520

Description

The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.

POC

Reference

  • http://www.openwall.com/lists/oss-security/2019/10/16/5
  • http://www.openwall.com/lists/oss-security/2019/10/16/5
  • https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-04_WordPress_Plugin_All_in_One_SEO_Pack
  • https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-04_WordPress_Plugin_All_in_One_SEO_Pack
  • https://wpvulndb.com/vulnerabilities/9915
  • https://wpvulndb.com/vulnerabilities/9915

Github

  • https://github.com/SexyBeast233/SecBooks
Powered by Gitea Version: 1.23.1 Page: 488ms Template: 9ms
English
Bahasa Indonesia Deutsch English Español Français Gaeilge Italiano Latviešu Magyar nyelv Nederlands Polski Português de Portugal Português do Brasil Suomi Svenska Türkçe Čeština Ελληνικά Български Русский Українська فارسی മലയാളം 日本語 简体中文 繁體中文(台灣) 繁體中文(香港) 한국어
Licenses API