Summary:
The Font Awesome WordPress plugin before 4.3.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks against logged-in admins.
Severity: Low
Advisory ID: KylinSec-SA-2023-1035
Release date: February 6, 2023
Related CVE: CVE-2022-4478
CVE name | Product | Component | Affected status |
---|---|---|---|
CVE-2022-4478 | KY3.4-4A | fontawesome-fonts | Unaffected |
CVE-2022-4478 | KY3.4-5 | fontawesome-fonts | Unaffected |
CVE-2022-4478 | KY3.5.1 | fontawesome-fonts | Unaffected |
CVE-2022-4478 | KY3.5.2 | fontawesome-fonts | Unaffected |