CVE-2017-14725
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.
Source: CVE-2017-14725
CVE-2017-14627
Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file.
Source: CVE-2017-14627
CVE-2017-14726
Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.
Source: CVE-2017-14726
CVE-2017-14718
Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL.
Source: CVE-2017-14718
CVE-2017-14724
Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.
Source: CVE-2017-14724
CVE-2017-14722
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.
Source: CVE-2017-14722
CVE-2017-14723
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.
Source: CVE-2017-14723
CVE-2017-14714
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter.
Source: CVE-2017-14714
CVE-2017-14712
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter.
Source: CVE-2017-14712
CVE-2017-14713
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter.
Source: CVE-2017-14713