WordPress – Cross-Site Scripting (XSS) in Shortcode Previews

 

Description: WordPress before version 5.2.3 allows XSS in shortcode previews, which gives attackers an opportunity to compromise the victim’s web server.

Threat: An attacker who exploits the vulnerability could potentially execute arbitrary JavaScript/HTML code in the browser of victims who access the compromised page.

Criticality: Medium

Update/Patch: https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/

 

Adobe Flash Player – Arbitrary Code Execution Vulnerability

 

Description: Adobe Flash Player Desktop Runtime and Adobe Flash Player for Chrome, versions 32.0.0.238 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 11, versions 32.0.0.207 and earlier, have a Same Origin Method Execution vulnerability.

Threat: Successful exploitation could lead to arbitrary code execution in the context of the current user.

Criticality: Medium

Update/Patch: https://helpx.adobe.com/security/products/flash-player/apsb19-46.html

 

Windows Transaction Manager – Information Disclosure Vulnerability

 

Description: An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. An attacker would first have to log on to the system and then run a specially crafted application.

Threat: An attacker who exploits the vulnerability could potentially read data that was not intended to be disclosed.

Criticality: High

Update/Patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1219

 
