阿里云漏洞库

漏洞描述

The WP Responsive Tabs horizontal vertical and accordion Tabs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&...
https://www.wordfence.com/threat-intel/vulnerabilities/id/fe54c37f-1421-48aa-...

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	i13websolution	wp_responsive_tabs	*		Up to (excluding) 1.1.16
	运行在以下环境
	系统	alibaba_cloud_linux_2.1903	java-11-openjdk	*		Up to (excluding) 11.0.18.0.10-1.1.al7
	运行在以下环境
	系统	alibaba_cloud_linux_3	java-11-openjdk	*		Up to (excluding) 11.0.18.0.10-2.0.1.al8
	运行在以下环境
	系统	alma_linux_8	java-11-openjdk	*		Up to (excluding) 11.0.18.0.10-2.el8_7
	运行在以下环境
	系统	alma_linux_9	java-11-openjdk	*		Up to (excluding) 11.0.18.0.10-2.el9_1
	运行在以下环境
	系统	amazon_2	java-11-openjdk	*		Up to (excluding) 11.0.18.0.10-1.amzn2.0.1
	运行在以下环境
	系统	amazon_2022	java-1.8.0-amazon-corretto	*		Up to (excluding) 1.8.0_362.b08-1.amzn2022
	运行在以下环境
	系统	amazon_AMI	mysql57	*		Up to (excluding) 5.7.41-1.18.amzn1
	运行在以下环境
	系统	anolis_os_7	java-11-openjdk	*		Up to (excluding) 11.0.18.0.10-1
	运行在以下环境
	系统	anolis_os_8	java-11-openjdk	*		Up to (excluding) 11.0.18.0.10-2.0.1
	运行在以下环境
	系统	centos_7	java-11-openjdk	*		Up to (excluding) 11.0.18.0.10-1.el7_9
	运行在以下环境
	系统	fedora_36	java-17-openjdk	*		Up to (excluding) 17.0.6.0.10-1.fc36
	运行在以下环境
	系统	fedora_37	java-11-openjdk	*		Up to (excluding) 11.0.18.0.10-1.fc37
	运行在以下环境
	系统	fedora_EPEL_8	java-latest-openjdk	*		Up to (excluding) 19.0.2.0.7-1.rolling.el8
	运行在以下环境
	系统	fedora_EPEL_9	java-latest-openjdk	*		Up to (excluding) 19.0.2.0.7-1.rolling.el9
	运行在以下环境
	系统	kylinos_aarch64_V10	java-11-openjdk	*		Up to (excluding) 11.0.20.8-2.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10HPC	java-1.8.0-openjdk	*		Up to (excluding) 1.8.0.392.b08-2.p01.ky10h
	运行在以下环境
	系统	kylinos_aarch64_V10SP1	java-11-openjdk	*		Up to (excluding) 11.0.20.8-2.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP2	java-11-openjdk	*		Up to (excluding) 11.0.20.8-2.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP3	java-11-openjdk	*		Up to (excluding) 11.0.20.8-2.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP32309a	java-1.8.0-openjdk	*		Up to (excluding) 1.8.0.392.b08-2.p01.ky10h
	运行在以下环境
	系统	kylinos_aarch64_V10SP32309b	java-1.8.0-openjdk	*		Up to (excluding) 1.8.0.392.b08-2.p01.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10	java-11-openjdk	*		Up to (excluding) 11.0.20.8-2.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10HPC	java-1.8.0-openjdk	*		Up to (excluding) 1.8.0.392.b08-2.p01.ky10h
	运行在以下环境
	系统	kylinos_x86_64_V10SP1	java-11-openjdk	*		Up to (excluding) 11.0.20.8-2.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP2	java-11-openjdk	*		Up to (excluding) 11.0.20.8-2.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP3	java-11-openjdk	*		Up to (excluding) 11.0.20.8-2.ky10
	运行在以下环境
	系统	opensuse_Leap_15.4	java-1_8_0-ibm	*		Up to (excluding) 1.8.0_sr8.0-150000.3.71.1
	运行在以下环境
	系统	oracle_7	java-11-openjdk	*		Up to (excluding) 11.0.18.0.10-1.el7_9
	运行在以下环境
	系统	oracle_8	java-11-openjdk	*		Up to (excluding) 11.0.18.0.10-2.el8_7
	运行在以下环境
	系统	oracle_9	java-11-openjdk	*		Up to (excluding) 11.0.18.0.10-2.0.1.el9_1
	运行在以下环境
系统	redhat_7	java-1.8.0-ibm	*		Up to (excluding) 1.8.0.8.0-1jpp.1.el7
运行在以下环境
系统	redhat_8	java-11-openjdk	*		Up to (excluding) 11.0.18.0.10-2.el8_7
运行在以下环境
系统	redhat_9	java-11-openjdk	*		Up to (excluding) 11.0.18.0.10-2.el9_1
运行在以下环境
系统	rocky_linux_8	java-11-openjdk	*		Up to (excluding) 11.0.18.0.10-2.el8_7
运行在以下环境
系统	rocky_linux_9	java-11-openjdk	*		Up to (excluding) 11.0.18.0.10-2.el9_1
运行在以下环境
系统	suse_12_SP5	java-1_8_0-ibm	*		Up to (excluding) 1.8.0_sr8.0-30.105.1

攻击路径

网络
攻击复杂度

低
权限要求

无
影响范围

已更改
用户交互

需要
可用性

无
保密性

低
完整性

低

CWE-ID	漏洞类型
CWE-79	在Web页面生成时对输入的转义处理不恰当（跨站脚本）

java-1.8.0-openjdk 安全漏洞 (CVE-2023-2184)

漏洞描述

解决建议

参考链接

受影响软件情况