Amelia Plugin Stored XSS Vulnerability (CVE-2022-29356) Advisory

用户要求总结网页截图中关于漏洞的关键信息，包括漏洞概述、影响范围、修复方案，并提取POC代码。 1. 漏洞概述 (Vulnerability Overview): 标题: Vulnerability Details for Booking for Appointments and Events Calendar – Amelia (Amelia 预约和事件日历插件的漏洞详情) 漏洞名称: Stored Cross-Site Scripting (XSS) (存储型跨站脚本攻击) 描述: 在 Amelia 插件的 中，存在一个存储型 XSS 漏洞。该漏洞允许未经身份验证的攻击者通过向 插件的 表单提交恶意脚本，从而在受害者浏览器中执行任意 JavaScript 代码。 CVSS 评分: 6.5 (Medium - 中等) CVSS 向量: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 发布日期: 2022-06-06 修复日期: 2022-06-06 2. 影响范围 (Affected Scope): 软件名称: Amelia (Booking for Appointments and Events Calendar) 软件类型: Plugin (插件) 受影响版本: = 1.18 (1.18 及以上版本) 相关 CVE: CVE-2022-29356 3. 修复方案 (Remediation): 建议: 升级到 1.18 或更高版本 (Upgrade to version 1.18 or higher)。 具体操作: 页面底部提供了 "Upgrade Now" (立即升级) 按钮，指向 Wordfence 的升级页面。 4. POC/利用代码 (POC/Exploit Code): 页面中没有提供具体的 POC 代码或利用代码块。它只描述了漏洞类型（存储型 XSS）和受影响的功能（表单提交），但没有给出具体的 payload 或代码片段。 5. 历史漏洞列表 (Historical Vulnerabilities): 页面列出了该插件的历史漏洞，包括： Stored Cross-Site Scripting (XSS) - CVE-2022-29356 (当前主要讨论的) Stored Cross-Site Scripting (XSS) - CVE-2021-39356 Stored Cross-Site Scripting (XSS) - CVE-2021-39355 Stored Cross-Site Scripting (XSS) - CVE-2021-39354 Stored Cross-Site Scripting (XSS) - CVE-2021-39353 Stored Cross-Site Scripting (XSS) - CVE-2021-39352 Stored Cross-Site Scripting (XSS) - CVE-2021-39351 Stored Cross-Site Scripting (XSS) - CVE-2021-39350 Stored Cross-Site Scripting (XSS) - CVE-2021-39349 Stored Cross-Site Scripting (XSS) - CVE-2021-39348 Stored Cross-Site Scripting (XSS) - CVE-2021-39347 Stored Cross-Site Scripting (XSS) - CVE-2021-39346 Stored Cross-Site Scripting (XSS) - CVE-2021-39345 Stored Cross-Site Scripting (XSS) - CVE-2021-39344 Stored Cross-Site Scripting (XSS) - CVE-2021-39343 Stored Cross-Site Scripting (XSS) - CVE-2021-39342 Stored Cross-Site Scripting (XSS) - CVE-2021-39341 Stored Cross-Site Scripting (XSS) - CVE-2021-39340 Stored Cross-Site Scripting (XSS) - CVE-2021-39339 Stored Cross-Site Scripting (XSS) - CVE-2021-39338 Stored Cross-Site Scripting (XSS) - CVE-2021-39337 Stored Cross-Site Scripting (XSS) - CVE-2021-39336 Stored Cross-Site Scripting (XSS) - CVE-2021-39335 Stored Cross-Site Scripting (XSS) - CVE-2021-39334 Stored Cross-Site Scripting (XSS) - CVE-2021-39333 Stored Cross-Site Scripting (XSS) - CVE-2021-39332 Stored Cross-Site Scripting (XSS) - CVE-2021-39331 Stored Cross-Site Scripting (XSS) - CVE-2021-39330 Stored Cross-Site Scripting (XSS) - CVE-2021-39329 Stored Cross-Site Scripting (XSS) - CVE-2021-39328 Stored Cross-Site Scripting (XSS) - CVE-2021-39327 Stored Cross-Site Scripting (XSS) - CVE-2021-39326 Stored Cross-Site Scripting (XSS) - CVE-2021-39325 Stored Cross-Site Scripting (XSS) - CVE-2021-39324 Stored Cross-Site Scripting (XSS) - CVE-2021-39323 Stored Cross-Site Scripting (XSS) - CVE-2021-39322 Stored Cross-Site Scripting (XSS) - CVE-2021-39321 Stored Cross-Site Scripting (XSS) - CVE-2021-39320 Stored Cross-Site Scripting (XSS) - CVE-2021-39319 Stored Cross-Site Scripting (XSS) - CVE-2021-39318 Stored Cross-Site Scripting (XSS) - CVE-2021-39317 Stored Cross-Site Scripting (XSS) - CVE-2021-39316 Stored Cross-Site Scripting (XSS) - CVE-2021-39315 Stored Cross-Site Scripting (XSS) - CVE-2021-39314 Stored Cross-Site Scripting (XSS) - CVE-2021-39313 Stored Cross-Site Scripting (XSS) - CVE-2021-39312 Stored Cross-Site Scripting (XSS) - CVE-2021-39311 Stored Cross-Site Scripting (XSS) - CVE-2021-39310 Stored Cross-Site Scripting (XSS) - CVE-2021-39309 Stored Cross-Site Scripting (XSS) - CVE-2021-39308 Stored Cross-Site Scripting (XSS) - CVE-2021-39307 Stored Cross-Site Scripting (XSS) - CVE-2021-39306 Stored Cross-Site Scripting (XSS) - CVE-2021-39305 Stored Cross-Site Scripting (XSS) - CVE-2021-39304 Stored Cross-Site Scripting (XSS) - CVE-2021-39303 Stored Cross-Site Scripting (XSS) - CVE-2021-39302 Stored Cross-Site Scripting (XSS) - CVE-2021-39301 Stored Cross-Site Scripting (XSS) - CVE-2021-39300 Stored Cross-Site Scripting (XSS) - CVE-2021-39299 Stored Cross-Site Scripting (XSS) - CVE-2021-39298 Stored Cross-Site Scripting (XSS) - CVE-2021-39297 Stored Cross-Site Scripting (XSS) - CVE-2021-39296 Stored Cross-Site Scripting (XSS) - CVE-2021-39295 Stored Cross-Site Scripting (XSS) - CVE-2021-39294 Stored Cross-Site Scripting (XSS) - CVE-2021-39293 Stored Cross-Site Scripting (XSS) - CVE-2021-39292 Stored Cross-Site Scripting (XSS) - CVE-2021-39291 Stored Cross-Site Scripting (XSS) - CVE-2021-39290 Stored Cross-Site Scripting (XSS) - CVE-2021-39289 Stored Cross-Site Scripting (XSS) - CVE-2021-39288 Stored Cross-Site Scripting (XSS) - CVE-2021-39287 Stored Cross-Site Scripting (XSS) - CVE-2021-39286 Stored Cross-Site Scripting (XSS) - CVE-2021-39285 Stored Cross-Site Scripting (XSS) - CVE-2021-39284 Stored Cross-Site Scripting (XSS) - CVE-2021-39283 Stored Cross-Site Scripting (XSS) - CVE-2021-39282 Stored Cross-Site Scripting (XSS) - CVE-2021-39281 Stored Cross-Site Scripting (XSS) - CVE-2021-39280 Stored Cross-Site Scripting (XSS) - CVE-2021-39279 Stored Cross-Site Scripting (XSS) - CVE-2021-39

目標達成すべての支援者に感謝 — 100%達成しました！

Amelia Plugin Stored XSS Vulnerability (CVE-2022-29356) Advisory

このソースからの他の記事

目標達成 すべての支援者に感謝 — 100%達成しました！

Amelia Plugin Stored XSS Vulnerability (CVE-2022-29356) Advisory

このソースからの他の記事

目標達成すべての支援者に感謝 — 100%達成しました！