cnvd - cnvd-2017-06939

cnvd-2017-06939

Vulnerability from cnvd

Title

WordPress MaxButtons插件跨站脚本漏洞

Description

WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台，该平台支持在PHP和MySQL的服务器上架设个人博客网站。MaxButtons和MaxButtons Pro是其中不同版本的按钮生成器插件。 WordPress MaxButtons 6.19之前的版本和MaxButtons Pro 6.19之前的版本中存在跨站脚本漏洞。远程攻击者可利用该漏洞在用户Web浏览器中执行任意代码。

Severity

中

Patch Name

WordPress MaxButtons插件跨站脚本漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://wordpress.org/plugins/maxbuttons/#developers

Reference

http://jvndb.jvn.jp/jvndb/JVNDB-2017-000093

Impacted products

Name
['WordPress MaxButtons Pro <=6.19', 'WordPress MaxButtons <=6.19']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2169"
    }
  },
  "description": "WordPress\u662fWordPress\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\uff0c\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002MaxButtons\u548cMaxButtons Pro\u662f\u5176\u4e2d\u4e0d\u540c\u7248\u672c\u7684\u6309\u94ae\u751f\u6210\u5668\u63d2\u4ef6\u3002\r\n\r\nWordPress MaxButtons 6.19\u4e4b\u524d\u7684\u7248\u672c\u548cMaxButtons Pro 6.19\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7528\u6237Web\u6d4f\u89c8\u5668\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Max Foundry, LLC.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://wordpress.org/plugins/maxbuttons/#developers",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-06939",
  "openTime": "2017-05-18",
  "patchDescription": "WordPress\u662fWordPress\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\uff0c\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002MaxButtons\u548cMaxButtons Pro\u662f\u5176\u4e2d\u4e0d\u540c\u7248\u672c\u7684\u6309\u94ae\u751f\u6210\u5668\u63d2\u4ef6\u3002\r\n\r\nWordPress MaxButtons 6.19\u4e4b\u524d\u7684\u7248\u672c\u548cMaxButtons Pro 6.19\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7528\u6237Web\u6d4f\u89c8\u5668\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "WordPress MaxButtons\u63d2\u4ef6\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "WordPress MaxButtons Pro \u003c=6.19",
      "WordPress MaxButtons \u003c=6.19"
    ]
  },
  "referenceLink": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000093",
  "serverity": "\u4e2d",
  "submitTime": "2017-05-17",
  "title": "WordPress MaxButtons\u63d2\u4ef6\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

CVE-2017-2169 (GCVE-0-2017-2169)

Vulnerability from cvelistv5

Published

2017-05-22 16:00

Modified

2024-08-05 13:48

Severity ?

CWE

Cross-site scripting

Summary

Cross-site scripting vulnerability in MaxButtons prior to version 6.19 and MaxButtons Pro prior to version 6.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

URL

Tags

	https://wordpress.org/plugins/maxbuttons/#developers	x_refsource_CONFIRM
	https://jvn.jp/en/jp/JVN70411623/index.html	third-party-advisory, x_refsource_JVN
	http://jvndb.jvn.jp/jvndb/JVNDB-2017-000093	third-party-advisory, x_refsource_JVNDB

Impacted products

Vendor

Product

Version

Max Foundry

MaxButtons

Version: prior to version 6.19

Max Foundry

MaxButtons Pro