|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-06-13 | |
| Rule Name: | WordPress Easing Slider Plugin Cross-site scripting Vulnerability -2 (CVE-2015-1436) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Cross-site scripting (XSS) vulnerability in the Easing Slider plugin before 2.2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the (1) easingslider_manage_customizations or (2) easingslider_edit_sliders page to wp-admin/admin.php. | |
| Impact: | An attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy, if affected version is installed. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | SecurityFocusBID:72572 http://packetstormsecurity.com/files/130355/WordPress-Easing-Slider-2.2.0.6-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/534680/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/100861 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://wordpress.org/plugins/easing-slider/changelog/ |