CVE-2017-9063
CVSS 4.3
Published: 2017-05-18 10:29:00
Revised: 2017-11-03 21:29:55

[Original] In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.


[CNNVD] CNNVD data not yet available.


[Machine translation] Translation not yet available.

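- CVSS (Base Score)

CVSS score: 4.3 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on the availability of the system]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: NETWORK [the attacker does not need intranet or local access]
Authentication: NONE [exploitation requires no authentication]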

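- CWE (Weakness Category)

CWE-79 [Improper escaping of input during web page generation (cross-site scripting)]

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not yet available

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links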

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9063
(Official data source) NVD

- Other Links and Resources

http://www.debian.org/security/2017/dsa-3870
(UNKNOWN)  DEBIAN  DSA-3870
http://www.securityfocus.com/bid/98509
(VENDOR_ADVISORY)  BID  98509
http://www.securitytracker.com/id/1038520
(UNKNOWN)  SECTRACK  1038520
https://codex.wordpress.org/Version_4.7.5
(PATCH)  CONFIRM  https://codex.wordpress.org/Version_4.7.5
https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
(PATCH)  CONFIRM  https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
https://wordpress.org/news/2017/05/wordpress-4-7-5/
(VENDOR_ADVISORY)  CONFIRM  https://wordpress.org/news/2017/05/wordpress-4-7-5/
https://wpvulndb.com/vulnerabilities/8820
(UNKNOWN)  MISC  https://wpvulndb.com/vulnerabilities/8820

- Vulnerability Information (F142776)

Debian Security Advisory 3870-1 (PacketStormID:F142776)
2017-06-01 00:00:00
Debian  debian.org
advisory,remote,web,vulnerability,xss,csrf
linux,debian
CVE-2017-8295,CVE-2017-9061,CVE-2017-9062,CVE-2017-9063,CVE-2017-9064,CVE-2017-9065

Debian Linux Security Advisory 3870-1 - Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3870-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
June 01, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wordpress
CVE ID         : CVE-2017-8295 CVE-2017-9061 CVE-2017-9062 CVE-2017-9063 
                 CVE-2017-9064 CVE-2017-9065
Debian Bug     : 862053 862816

Several vulnerabilities were discovered in wordpress, a web blogging
tool. They would allow remote attackers to force password resets, and
perform various cross-site scripting and cross-site request forgery
attacks.

For the stable distribution (jessie), these problems have been fixed in
version 4.1+dfsg-1+deb8u13.

For the upcoming stable (stretch) and unstable (sid) distributions,
these problems have been fixed in version 4.7.5+dfsg-1.

We recommend that you upgrade your wordpress packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org