Description
Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
wordpress | fixed | 4.2.4+dfsg-1 | | package |
wordpress | fixed | 4.1+dfsg-1+deb8u1 | jessie | package |
wordpress | fixed | 3.6.1+dfsg-1~deb7u6 | wheezy | package |
wordpress | fixed | 3.6.1+dfsg-1~deb6u6 | squeeze | package |
Notes
For jessie and wheezy the fix was already contained
in a previous update. The same was included in
the fix with cs32176_dashboard_esc_titles,
but the issue was apparently later reintroduced.
https://core.trac.wordpress.org/changeset/33540
https://core.trac.wordpress.org/changeset/33541
Related vulnerabilities
Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title.