PT-2017-15230 · Bestwebsoft · Google Maps+50

Chris Liu · Published 2017-05-22 · Updated 2017-06-09 · CVE-2017-2171

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Captcha versions prior to 4.3.0
Car Rental versions prior to 1.0.5
Contact Form Multi versions prior to 1.2.1
Contact Form versions prior to 4.0.6
Contact Form to DB versions prior to 1.5.7
Custom Admin Page versions prior to 0.1.2
Custom Fields Search versions prior to 1.3.2
Custom Search versions prior to 1.36
Donate versions prior to 2.1.1
Email Queue versions prior to 1.1.2
Error Log Viewer versions prior to 1.0.6
Facebook Button versions prior to 2.54
Featured Posts versions prior to 1.0.1
Gallery Categories versions prior to 1.0.9
Gallery versions prior to 4.5.0
Google +1 versions prior to 1.3.4
Google AdSense versions prior to 1.44
Google Analytics versions prior to 1.7.1
Google Captcha (reCAPTCHA) versions prior to 1.28
Google Maps versions prior to 1.3.6
Google Shortlink versions prior to 1.5.3
Google Sitemap versions prior to 3.0.8
Htaccess versions prior to 1.7.6
Job Board versions prior to 1.1.3
Latest Posts versions prior to 0.3
Limit Attempts versions prior to 1.1.8
LinkedIn versions prior to 1.0.5
Multilanguage versions prior to 1.2.2
PDF & Print versions prior to 1.9.4
Pagination versions prior to 1.0.7
Pinterest versions prior to 1.0.5
Popular Posts versions prior to 1.0.5
Portfolio versions prior to 2.4
Post to CSV versions prior to 1.3.1
Profile Extra versions prior to 1.0.7
PromoBar versions prior to 1.1.1
Quotes and Tips versions prior to 1.32
Re-attacher versions prior to 1.0.9
Realty versions prior to 1.1.0
Relevant - Related Posts versions prior to 1.2.0
Sender versions prior to 1.2.1
SMTP versions prior to 1.1.0
Social Buttons Pack versions prior to 1.1.1
Subscriber versions prior to 1.3.5
Testimonials versions prior to 0.1.9
Timesheet versions prior to 0.1.5
Twitter Button versions prior to 2.55
User Role versions prior to 1.5.6
Updater versions prior to 1.35
Visitors Online versions prior to 1.0.0
Zendesk Help Center versions prior to 1.0.5
Description

The issue is a cross-site scripting vulnerability in the function that displays the BestWebSoft menu, which is shared by all of the plugins listed above. It allows remote attackers to inject arbitrary web script or HTML through that function.
Recommendations

As a temporary workaround, consider disabling the function to display the BestWebSoft menu until a patch is available.

Update Captcha to version 4.3.0 or later.
Update Car Rental to version 1.0.5 or later.
Update Contact Form Multi to version 1.2.1 or later.
Update Contact Form to version 4.0.6 or later.
Update Contact Form to DB to version 1.5.7 or later.
Update Custom Admin Page to version 0.1.2 or later.
Update Custom Fields Search to version 1.3.2 or later.
Update Custom Search to version 1.36 or later.
Update Donate to version 2.1.1 or later.
Update Email Queue to version 1.1.2 or later.
Update Error Log Viewer to version 1.0.6 or later.
Update Facebook Button to version 2.54 or later.
Update Featured Posts to version 1.0.1 or later.
Update Gallery Categories to version 1.0.9 or later.
Update Gallery to version 4.5.0 or later.
Update Google +1 to version 1.3.4 or later.
Update Google AdSense to version 1.44 or later.
Update Google Analytics to version 1.7.1 or later.
Update Google Captcha (reCAPTCHA) to version 1.28 or later.
Update Google Maps to version 1.3.6 or later.
Update Google Shortlink to version 1.5.3 or later.
Update Google Sitemap to version 3.0.8 or later.
Update Htaccess to version 1.7.6 or later.
Update Job Board to version 1.1.3 or later.
Update Latest Posts to version 0.3 or later.
Update Limit Attempts to version 1.1.8 or later.
Update LinkedIn to version 1.0.5 or later.
Update Multilanguage to version 1.2.2 or later.
Update PDF & Print to version 1.9.4 or later.
Update Pagination to version 1.0.7 or later.
Update Pinterest to version 1.0.5 or later.
Update Popular Posts to version 1.0.5 or later.
Update Portfolio to version 2.4 or later.
Update Post to CSV to version 1.3.1 or later.
Update Profile Extra to version 1.0.7 or later.
Update PromoBar to version 1.1.1 or later.
Update Quotes and Tips to version 1.32 or later.
Update Re-attacher to version 1.0.9 or later.
Update Realty to version 1.1.0 or later.
Update Relevant - Related Posts to version 1.2.0 or later.
Update Sender to version 1.2.1 or later.
Update SMTP to version 1.1.0 or later.
Update Social Buttons Pack to version 1.1.1 or later.
Update Subscriber to version 1.3.5 or later.
Update Testimonials to version 0.1.9 or later.
Update Timesheet to version 0.1.5 or later.
Update Twitter Button to version 2.55 or later.
Update User Role to version 1.5.6 or later.
Update Updater to version 1.35 or later.
Update Visitors Online to version 1.0.0 or later.
Update Zendesk Help Center to version 1.0.5 or later.
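Because the same fix lands in 51 plugins with unrelated version schemes ("1.36" for Custom Search, "1.3.6" for Google Maps, "2.54" for Facebook Button), a string comparison against the table above gives wrong answers. The following script is an added example, not part of the advisory or of BestWebSoft's code: it encodes the fixed versions listed in the recommendations and compares a site's installed versions to them numerically, component by component. The installed inventory is constructed sample data keyed by the plugin names used in this advisory; on a real site the operator would map WP-CLI `wp plugin list --format=json` slugs onto those names first (that mapping is assumed, not shown).

```python
"""Compare installed BestWebSoft plugin versions with the fixed versions
from this advisory (CVE-2017-2171). Added example; sample inventory is
constructed, not taken from a real site."""
from __future__ import annotations
import re

# Minimum fixed version per plugin, copied from the advisory's recommendations.
FIXED_VERSIONS: dict[str, str] = {
    "Captcha": "4.3.0", "Car Rental": "1.0.5", "Contact Form Multi": "1.2.1",
    "Contact Form": "4.0.6", "Contact Form to DB": "1.5.7",
    "Custom Admin Page": "0.1.2", "Custom Fields Search": "1.3.2",
    "Custom Search": "1.36", "Donate": "2.1.1", "Email Queue": "1.1.2",
    "Error Log Viewer": "1.0.6", "Facebook Button": "2.54",
    "Featured Posts": "1.0.1", "Gallery Categories": "1.0.9", "Gallery": "4.5.0",
    "Google +1": "1.3.4", "Google AdSense": "1.44", "Google Analytics": "1.7.1",
    "Google Captcha (reCAPTCHA)": "1.28", "Google Maps": "1.3.6",
    "Google Shortlink": "1.5.3", "Google Sitemap": "3.0.8", "Htaccess": "1.7.6",
    "Job Board": "1.1.3", "Latest Posts": "0.3", "Limit Attempts": "1.1.8",
    "LinkedIn": "1.0.5", "Multilanguage": "1.2.2", "PDF & Print": "1.9.4",
    "Pagination": "1.0.7", "Pinterest": "1.0.5", "Popular Posts": "1.0.5",
    "Portfolio": "2.4", "Post to CSV": "1.3.1", "Profile Extra": "1.0.7",
    "PromoBar": "1.1.1", "Quotes and Tips": "1.32", "Re-attacher": "1.0.9",
    "Realty": "1.1.0", "Relevant - Related Posts": "1.2.0", "Sender": "1.2.1",
    "SMTP": "1.1.0", "Social Buttons Pack": "1.1.1", "Subscriber": "1.3.5",
    "Testimonials": "0.1.9", "Timesheet": "0.1.5", "Twitter Button": "2.55",
    "User Role": "1.5.6", "Updater": "1.35", "Visitors Online": "1.0.0",
    "Zendesk Help Center": "1.0.5",
}


def parse_version(version: str) -> tuple[int, ...]:
    """Split a dotted version into integers; a trailing tag such as '-beta'
    is dropped. Components compare numerically, so '1.36' > '1.3.6' and
    '2.6' < '2.54', which a plain string comparison would get wrong."""
    core = version.strip().split("-")[0]
    if not re.fullmatch(r"\d+(\.\d+)*", core):
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(part) for part in core.split("."))


def is_fixed(installed: str, fixed: str) -> bool:
    """True when installed >= fixed. The shorter tuple is zero-padded so
    that '2.4.0' counts as equal to the advisory's '2.4'."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))


def find_vulnerable(installed: dict[str, str]) -> dict[str, tuple[str, str]]:
    """Return {plugin: (installed, fixed)} for each installed plugin that the
    advisory covers and that is below its fixed version. Plugins not named
    in the advisory are ignored."""
    return {
        name: (ver, FIXED_VERSIONS[name])
        for name, ver in installed.items()
        if name in FIXED_VERSIONS and not is_fixed(ver, FIXED_VERSIONS[name])
    }


# Constructed sample inventory (not real site data), keyed by advisory names.
SAMPLE_INSTALLED = {
    "Google Maps": "1.3.5",     # below 1.3.6 -> needs update
    "Custom Search": "1.36",    # exactly the fixed version -> fine
    "Portfolio": "2.4.0",       # equal to 2.4 after zero padding -> fine
    "Facebook Button": "2.6",   # 2.6 < 2.54 numerically -> needs update
    "Akismet": "4.0",           # not a BestWebSoft plugin -> ignored
}

if __name__ == "__main__":
    for name, (have, need) in sorted(find_vulnerable(SAMPLE_INSTALLED).items()):
        print(f"{name}: installed {have}, update to {need} or later")
```

The check only answers "is the fixed version installed"; it says nothing about whether the workaround (disabling the BestWebSoft menu display function) is in place, so a site running an older version with the menu disabled still shows up as needing the update, which is the conservative result you want in an inventory report.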

Fix

XSS


Weakness Enumeration

Related identifiers

CVE-2017-2171

Affected products

Captcha
Car Rental
Contact Form
Contact Form Multi
Contact Form To Db
Custom Admin Page
Wp Custom Fields Search
Custom Search
Idonate
Email Queue
Error Log Viewer
Facebook Button
Featured Posts
Gallery
Gallery Categories
Google +1
Google Adsense
Google Analytics
Google Captcha
Google Maps
Google Shortlink
Google Sitemap
Htaccess
Job Board
Wp Latest Posts
Limit Attempts
Linkedin
Multilanguage
Pdf & Print
Pagination
Pinterest
Popular Posts
Wportfolio
Post To Csv
Profile Extra
Promobar
Quotes/Tips
Re-Attacher
Realty
Relevant - Related Posts
Smtp
Sender
Social Buttons Pack
Subscriber
Testimonials
Timesheet
Wp Twitter Button
Updater
User Role
Visitors-Online
Zendesk Help Center