kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Document wordpress issues

Browse source
This commit is contained in:
Steve Wills 2017-09-29 15:17:49 +00:00
parent 3fea2451ab
commit e050fb72a9
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=450900
1 changed files with 49 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

49
security/vuxml/vuln.xml
View file

@ -58,6 +58,55 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="a48d4478-e23f-4085-8ae4-6b3a7b6f016b">
<topic>wordpress -- multiple issues</topic>
<affects>
<package>
<name>wordpress</name>
<range><lt>4.8.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>wordpress developers report:</p>
<blockquote cite="http://www.securityfocus.com/bid/100912">
<p>Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL.</p>
<p>Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.</p>
<p>Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.</p>
<p>Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.</p>
<p>Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.</p>
<p>Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.</p>
<p>Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.securityfocus.com/bid/100912</url>
<url>https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/</url>
<url>https://core.trac.wordpress.org/changeset/41393</url>
<url>https://core.trac.wordpress.org/changeset/41395</url>
<url>https://core.trac.wordpress.org/changeset/41397</url>
<url>https://core.trac.wordpress.org/changeset/41412</url>
<url>https://core.trac.wordpress.org/changeset/41448</url>
<url>https://core.trac.wordpress.org/changeset/41457</url>
<url>https://wpvulndb.com/vulnerabilities/8911</url>
<url>https://wpvulndb.com/vulnerabilities/8912</url>
<url>https://wpvulndb.com/vulnerabilities/8913</url>
<url>https://wpvulndb.com/vulnerabilities/8914</url>
<cvename>CVE-2017-14718</cvename>
<cvename>CVE-2017-14719</cvename>
<cvename>CVE-2017-14720</cvename>
<cvename>CVE-2017-14721</cvename>
<cvename>CVE-2017-14722</cvename>
<cvename>CVE-2017-14724</cvename>
<cvename>CVE-2017-14726</cvename>
</references>
<dates>
<discovery>2017-09-23</discovery>
<entry>2017-09-29</entry>
</dates>
</vuln>
<vuln vid="1098a15b-b0f6-42b7-b5c7-8a8646e8be07">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>