WordPress – Cross-Site Scripting (XSS) in Shortcode Previews
Description: WordPress before version 5.2.3 allows XSS in shortcode previews, which gives attackers an opportunity to compromise the victim's web server.
Threat: An attacker who exploits the vulnerability could execute arbitrary JavaScript/HTML code in the browser of victims who access the compromised page.
Criticality: Medium
Update/Patch: https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/
Adobe Flash Player – Arbitrary Code Execution Vulnerability
Description: Adobe Flash Player Desktop Runtime and Adobe Flash Player for Chrome, versions 32.0.0.238 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 11, versions 32.0.0.207 and earlier, have a Same Origin Method Execution vulnerability.
Threat: Successful exploitation could lead to arbitrary code execution in the context of the current user.
Criticality: Medium
Update/Patch: https://helpx.adobe.com/security/products/flash-player/apsb19-46.html
Windows Transaction Manager – Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. To exploit it, an attacker would first have to log on to the system and then run a specially crafted application.
Threat: An attacker who exploited the vulnerability could potentially read data that was not intended to be disclosed.
Criticality: High
Update/Patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1219