Hillstone Networks

RULE（RULE ID：321829）

Rule General Information


Release Date:		2019-06-13

Rule Name:		qTranslate WordPress Plugin Cross-Site Scripting Vulnerability (CVE-2015-5535)

Severity:

CVE ID:

Rule Protection Details


Description:		Cross-site scripting (XSS) vulnerability in the qTranslate plugin 2.5.39 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the qtranslate page to wp-admin/options-general.php.

Impact:		An attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy, if affected version is installed.

Affected OS:		Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others

Reference:		http://packetstormsecurity.com/files/132916/WordPress-qTranslate-2.5.39-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/536102/100/0/threaded https://wpvulndb.com/vulnerabilities/8120 https://www.htbridge.com/advisory/HTB23265

Solutions

The vendors have released upgrade patches to fix vulnerabilities, please visit:
https://wordpress.org/plugins/qtranslate/