WordPress WooCommerce Plugin Persistent Cross Site Scripting Vulnerability
Publish Date: 15 September 2016
Schweregrad:: Hoch
Beschreibung
A persistent Cross Site Scripting (XSS) vulnerability has been found in the WooCommerce WordPress Plugin. An attacker can create a specially crafted image file which, when uploaded as a product image in WordPress, injects malicious JavaScript code into the application. An attacker can use this vulnerability to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, and performing arbitrary actions on their behalf.
Trend Micro Lösungen
Apply associated Trend Micro DPI Rules.
Lösungen
Trend Micro Deep Security DPI Rule Number: 1000552