WordPress KSES Library Script Insertion
Application: WordPress
Affected Version: versions prior to 3.0.4
Vendor’s URL: WordPress KSES Library
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 3.0.4.
Application: CubeCart
Affected Version: version 4.4.3 and other versions
Vendor’s URL: CubeCart
Bug Type: Cross-Site Request Forgery
Risk Level: Critical
Solution:
Do not browse untrusted websites while being logged in to the application.
Application: WordPress
Affected Version: version 0.1 and other versions
Vendor’s URL: Accept Signups Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Application: Joomla!
Affected Version: version 1.1 and other versions.
Vendor’s URL: JE Auto Component
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Update to version 1.2.
Application: MH Products Easy Online Shop
Affected Version:
Vendor’s URL: MH Products Easy Online Shop
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Filter malicious characters or character sequences via a proxy.
Application: Joomla!
Affected Version: version 1.5.0 and other versions.
Vendor’s URL: -
Bug Type: File Inclusion and SQL Injection
Risk Level: Critical
Solution:
Update to version 1.5.1.
Application: Joomla
Affected Version: versions prior to 1.1.
Vendor’s URL: JE Auto Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.1.
Application: Joomla!
Affected Version: version 1.1 and other versions
Vendor’s URL: Billy Portfolio Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Application: Joomla
Affected Version: version 1.0 and other versions.
Vendor’s URL: JE Messenger Component
Bug Type: File Upload
Risk Level: Critical
Solution:
Restrict access to the “Compose Mail” page to trusted users only.
Application: Exponent CMS
Affected Version: version 2.0.0pr2 or other versions.
Vendor’s URL: Exponent CMS
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Application: Ecommercemax Solutions Digital-goods seller (DGS)
Affected Version:
Vendor’s URL: Ecommercemax Solutions Digital-goods seller (DGS)
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Application: Pulse CMS
Affected Version: version 1.2.8 and earlier versions
Vendor’s URL: Pulse CMS
Bug Type: Local File Inclusion
Risk Level: Critical
Solution:
Update to version 1.2.9.
Application: Joomla!
Affected Version: versions prior to 2.1.8.777
Vendor’s URL: sh404SEF Component
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Critical
Solution:
Update to 2.1.8.777 or later.
Application: WordPress
Affected Version: versions prior to 3.0.2
Vendor’s URL: WordPress
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 3.0.2.
Application: Enano CMS
Affected Version: version 1.0.6pl2
Vendor’s URL: Enano CMS
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.0.6pl3.