漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Breeze Cache < 2.5.6 - Unauthenticated Stored XSS via Minify Library
Vulnerability Description
The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored Cross-Site Scripting (XSS) due to a predictable replacement hash used during the HTML minification process and abusing a regular expression. This allows an attacker to inject arbitrary HTML attributes in the final HTML output by anticipating the placeholder format.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress Breeze Cache 跨站脚本漏洞
Vulnerability Description
cloudways Breeze Cache是cloudways的消息队列中间件。 WordPress Breeze Cache 2.5.6之前版本存在跨站脚本漏洞,该漏洞源于HTML压缩过程中使用可预测的替换哈希且滥用正则表达式,可能导致未经身份验证的攻击者通过预测占位符格式在最终HTML输出中注入任意HTML属性,造成存储型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A