CVE-2017-14313

Опубликовано: 12 сент. 2017

Источник: debian

Описание

The shibboleth_login_form function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of add_query_arg().

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
wordpress-shibboleth	fixed	1.8-1		package

Примечания

https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a
https://make.wordpress.org/plugins/2015/04/20/fixing-add_query_arg-and-remove_query_arg-usage/

Связанные уязвимости

CVE-2017-14313

CVSS3: 6.1

ubuntu

больше 8 лет назад

The shibboleth_login_form function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of add_query_arg().

CVE-2017-14313

CVSS3: 6.1

nvd

больше 8 лет назад

The shibboleth_login_form function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of add_query_arg().

GHSA-h754-63f2-6hjc

CVSS3: 6.1

github

больше 3 лет назад

The shibboleth_login_form function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of add_query_arg().