Thimo Grauerholz WP-Spreadplugin जोपर्यंत 3.8.6.1 वर WordPress spreadplugin.php क्रॉस साइट स्क्रिप्टिंग

एक दुर्बलता जी समस्याग्रस्त म्हणून ओळखली गेली आहे, ती Thimo Grauerholz WP-Spreadplugin जोपर्यंत 3.8.6.1 वर WordPress मध्ये सापडली आहे. संबंधित आहे अज्ञात फंक्शन फाइल spreadplugin.php च्या. सॉफ्टवेअरमध्ये Spreadplugin या आर्ग्युमेंटचे केलेले बदल क्रॉस साइट स्क्रिप्टिंग यास कारणीभूत ठरतात. CWE द्वारे समस्या जाहीर केल्यास CWE-79 येथे पोहोचता येते. ही दुर्बलता प्रकाशित झाली होती 21/04/2015 म्हणून a9b9afc641854698e80aa5dd9ababfc8e0e57d69. github.com या ठिकाणी सल्ला डाउनलोडसाठी उपलब्ध आहे. ही दुर्बलता CVE-2015-10132 म्हणून ओळखली जाते. हा हल्ला रिमोटली सुरू करता येऊ शकतो. तांत्रिक माहिती उपलब्ध आहे. यासाठी कोणताही एक्स्प्लॉइट उपलब्ध नाही. आत्ताच्या क्षणी सुमारे USD $0-$5k असण्याची शक्यता आहे. MITRE ATT&CK प्रकल्प T1059.007 या हल्ला तंत्रज्ञानाची घोषणा करतो. याला परिभाषित केलेले नाही असे घोषित करण्यात आले आहे. 0-डे म्हणून त्याची अंदाजित काळ्या बाजारातील किंमत $0-$5k एवढी होती. आवृत्ती 3.8.6.6 वर अद्ययावत केल्याने ही समस्या सोडवता येऊ शकते. नवीन आवृत्ती डाउनलोडसाठी github.com येथे तयार आहे. पॅचचे नाव a9b9afc641854698e80aa5dd9ababfc8e0e57d69 आहे. बगफिक्स डाउनलोडसाठी github.com येथे उपलब्ध आहे. प्रभावित घटकाचा अपग्रेड करण्याची शिफारस केली जाते. Once again VulDB remains the best source for vulnerability data.

4 बदल · 85 डेटा पॉइंट्स

शेततयार केली
20/04/2024 05:13 PM		अद्ययावत 1/3
28/05/2024 11:43 AM		अद्ययावत 2/3
28/05/2024 11:51 AM		अद्ययावत 3/3
04/04/2025 04:59 PM
software_vendorThimo GrauerholzThimo GrauerholzThimo GrauerholzThimo Grauerholz
software_nameWP-SpreadpluginWP-SpreadpluginWP-SpreadpluginWP-Spreadplugin
software_version<=3.8.6.1<=3.8.6.1<=3.8.6.1<=3.8.6.1
software_platformWordPressWordPressWordPressWordPress
software_filespreadplugin.phpspreadplugin.phpspreadplugin.phpspreadplugin.php
software_argumentSpreadpluginSpreadpluginSpreadpluginSpreadplugin
vulnerability_cweCWE-79 (क्रॉस साइट स्क्रिप्टिंग)CWE-79 (क्रॉस साइट स्क्रिप्टिंग)CWE-79 (क्रॉस साइट स्क्रिप्टिंग)CWE-79 (क्रॉस साइट स्क्रिप्टिंग)
vulnerability_risk1111
cvss3_vuldb_avNNNN
cvss3_vuldb_acLLLL
cvss3_vuldb_uiRRRR
cvss3_vuldb_sUUUU
cvss3_vuldb_cNNNN
cvss3_vuldb_iLLLL
cvss3_vuldb_aNNNN
cvss3_vuldb_rlOOOO
cvss3_vuldb_rcCCCC
advisory_date1429567200 (21/04/2015)1429567200 (21/04/2015)1429567200 (21/04/2015)1429567200 (21/04/2015)
advisory_identifiera9b9afc641854698e80aa5dd9ababfc8e0e57d69a9b9afc641854698e80aa5dd9ababfc8e0e57d69a9b9afc641854698e80aa5dd9ababfc8e0e57d69a9b9afc641854698e80aa5dd9ababfc8e0e57d69
advisory_urlhttps://github.com/wp-plugins/wp-spreadplugin/commit/a9b9afc641854698e80aa5dd9ababfc8e0e57d69https://github.com/wp-plugins/wp-spreadplugin/commit/a9b9afc641854698e80aa5dd9ababfc8e0e57d69https://github.com/wp-plugins/wp-spreadplugin/commit/a9b9afc641854698e80aa5dd9ababfc8e0e57d69https://github.com/wp-plugins/wp-spreadplugin/commit/a9b9afc641854698e80aa5dd9ababfc8e0e57d69
countermeasure_nameअपग्रेड कराअपग्रेड कराअपग्रेड कराअपग्रेड करा
countermeasure_date1429567200 (21/04/2015)1429567200 (21/04/2015)1429567200 (21/04/2015)1429567200 (21/04/2015)
upgrade_version3.8.6.63.8.6.63.8.6.63.8.6.6
countermeasure_upgrade_urlhttps://github.com/wp-plugins/wp-spreadplugin/releases/tag/3.8.6.6https://github.com/wp-plugins/wp-spreadplugin/releases/tag/3.8.6.6https://github.com/wp-plugins/wp-spreadplugin/releases/tag/3.8.6.6https://github.com/wp-plugins/wp-spreadplugin/releases/tag/3.8.6.6
patch_namea9b9afc641854698e80aa5dd9ababfc8e0e57d69a9b9afc641854698e80aa5dd9ababfc8e0e57d69a9b9afc641854698e80aa5dd9ababfc8e0e57d69a9b9afc641854698e80aa5dd9ababfc8e0e57d69
countermeasure_patch_urlhttps://github.com/wp-plugins/wp-spreadplugin/commit/a9b9afc641854698e80aa5dd9ababfc8e0e57d69https://github.com/wp-plugins/wp-spreadplugin/commit/a9b9afc641854698e80aa5dd9ababfc8e0e57d69https://github.com/wp-plugins/wp-spreadplugin/commit/a9b9afc641854698e80aa5dd9ababfc8e0e57d69https://github.com/wp-plugins/wp-spreadplugin/commit/a9b9afc641854698e80aa5dd9ababfc8e0e57d69
countermeasure_advisoryquoteOne XSS vulnerability fixedOne XSS vulnerability fixedOne XSS vulnerability fixedOne XSS vulnerability fixed
source_cveCVE-2015-10132CVE-2015-10132CVE-2015-10132CVE-2015-10132
cna_responsibleVulDBVulDBVulDBVulDB
software_typeWordPress PluginWordPress PluginWordPress PluginWordPress Plugin
cvss2_vuldb_avNNNN
cvss2_vuldb_acLLLL
cvss2_vuldb_ciNNNN
cvss2_vuldb_iiPPPP
cvss2_vuldb_aiNNNN
cvss2_vuldb_rcCCCC
cvss2_vuldb_rlOFOFOFOF
cvss4_vuldb_avNNNN
cvss4_vuldb_acLLLL
cvss4_vuldb_vcNNNN
cvss4_vuldb_viLLLL
cvss4_vuldb_vaNNNN
cvss2_vuldb_auSSSS
cvss2_vuldb_eNDNDNDND
cvss3_vuldb_prLLLL
cvss3_vuldb_eXXXX
cvss4_vuldb_atNNNN
cvss4_vuldb_prLLLL
cvss4_vuldb_uiNNNP
cvss4_vuldb_scNNNN
cvss4_vuldb_siNNNN
cvss4_vuldb_saNNNN
cvss4_vuldb_eXXXX
cvss2_vuldb_basescore4.04.04.04.0
cvss2_vuldb_tempscore3.53.53.53.5
cvss3_vuldb_basescore3.53.53.53.5
cvss3_vuldb_tempscore3.43.43.43.4
cvss3_meta_basescore3.53.53.53.5
cvss3_meta_tempscore3.43.43.43.4
cvss4_vuldb_bscore5.35.35.35.1
cvss4_vuldb_btscore5.35.35.35.1
price_0day$0-$5k$0-$5k$0-$5k$0-$5k
cve_assigned1713564000 (20/04/2024)1713564000 (20/04/2024)1713564000 (20/04/2024)
cve_nvd_summaryA vulnerability classified as problematic was found in Thimo Grauerholz WP-Spreadplugin up to 3.8.6.1 on WordPress. This vulnerability affects unknown code of the file spreadplugin.php. The manipulation of the argument Spreadplugin leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.8.6.6 is able to address this issue. The name of the patch is a9b9afc641854698e80aa5dd9ababfc8e0e57d69. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-261676.A vulnerability classified as problematic was found in Thimo Grauerholz WP-Spreadplugin up to 3.8.6.1 on WordPress. This vulnerability affects unknown code of the file spreadplugin.php. The manipulation of the argument Spreadplugin leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.8.6.6 is able to address this issue. The name of the patch is a9b9afc641854698e80aa5dd9ababfc8e0e57d69. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-261676.A vulnerability classified as problematic was found in Thimo Grauerholz WP-Spreadplugin up to 3.8.6.1 on WordPress. This vulnerability affects unknown code of the file spreadplugin.php. The manipulation of the argument Spreadplugin leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.8.6.6 is able to address this issue. The name of the patch is a9b9afc641854698e80aa5dd9ababfc8e0e57d69. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-261676.
cvss2_nvd_avNN
cvss2_nvd_acLL
cvss2_nvd_auSS
cvss2_nvd_ciNN
cvss2_nvd_iiPP
cvss2_nvd_aiNN
cvss3_cna_avNN
cvss3_cna_acLL
cvss3_cna_prLL
cvss3_cna_uiRR
cvss3_cna_sUU
cvss3_cna_cNN
cvss3_cna_iLL
cvss3_cna_aNN
cve_cnaVulDBVulDB
cvss2_nvd_basescore4.04.0
cvss3_cna_basescore3.53.5

मागील बाजूससिंहावलोकनपुढील

Do you know our Splunk app?

Download it now for free!