PT-2018-12212 · WordPress · All In One Favicon

Javier Olmedo · Published 2018-07-16 · Updated 2018-09-13 · CVE-2018-13832

CVSS v3.1: 4.8 Medium
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions
All In One Favicon plugin version 4.6

Description
The issue concerns multiple persistent cross-site scripting (XSS) problems. Remote attackers can inject arbitrary web script or HTML via specific text fields, including Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JPG-Text.

Recommendations
For All In One Favicon plugin version 4.6, update to a version that addresses these XSS issues to prevent remote attackers from injecting arbitrary web script or HTML.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-13832

Affected Products

All In One Favicon