CVE-2024-8107
published 2024-10-01CVE-2024-8107: The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7.18 due…
PriorityP424medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.30%
21.2th percentile
The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. By default, this can only be exploited by administrators, but the ability to use and configure Slider Revolution can be extended to authors.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| revolution_slider | slider_revolution | <= 6.7.18 | — |
| themepunch | slider_revolution | <= 6.7.18 | — |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
vendor_redhat7.1HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-25x7-jcpc-96r4: The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6
ghsa_unreviewed·2024-10-01
CVE-2024-8107 [MEDIUM] CWE-79 GHSA-25x7-jcpc-96r4: The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6
The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. By default, this can only be exploited by administrators, but the ability to use and configure Slider Revolution can be extended to authors.
Red Hat
kernel: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
vendor_redhat·2024-07-09·CVSS 7.1
CVE-2024-39487 [HIGH] kernel: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
kernel: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
In the Linux kernel, the following vulnerability has been resolved:
bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
In function bond_option_arp_ip_targets_set(), if newval->string is an
empty string, newval->string+1 will point to the byte after the
string, causing an out-of-bound read.
BUG: KASAN: slab-out-of-bounds in strlen+0x7d/0xa0 lib/string.c:418
Read of size 1 at addr ffff8881119c4781 by task syz-executor665/8107
CPU: 1 PID: 8107 Comm: syz-executor665 Not tainted 6.7.0-rc7 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
print_address_description mm/kas
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-10-01
Published