WordPress Broken Link Checker Plugin Cross-Site Scripting Vulnerability
Publish date: 21 de julio de 2015
Gravedad: Crítico
Fecha recomendada: 21 de julio de 2015
Descripción
There exists a persistent stored cross site scripting vulnerability, also known as a stored XSS, in the Broken Link Checker. Stored XSS occurs when a web application gathers potentially malicious input from a user and then stores it on the site. This vulnerability can be used by attackers to obtain a crafted link with malicious payload via the post / comment fields. The JavaScript code is executed when the site administrator attempts to enter the Broken Link Checker control panel.
Revelación de la información
Apply associated Trend Micro DPI Rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1000552