Task #11721

closed

Task #11711: Security Vulnerability Scan 2023-05-18

Fix security issues in dse.cs.tum.de


Added by Robert Jandow about 2 months ago. Updated about 2 months ago.

Status: Won't Fix
Priority: Minor
Start date: 06.03.2026
Due date:
% Done: 0%
Estimated time:
SecReporter:
Originally created on: 23.05.2023
Originally updated on: 25.06.2023
Original due date:

Description

{code:java}
############################################################

host: dse.cs.tum.edu, ip: 131.159.89.173, tcp port: 443

  • 6.1 - WordPress Elementor Page Builder Plugin <= 3.5.5 XSS Vulnerability
  • 2023-05-15T11:24:18Z - 26292b1e-e620-49b1-8913-346ab029c68b - 1.3.6.1.4.1.25623.1.0.126057
    summary: The WordPress plugin 'Elementor Page Builder' is prone
    to a cross-site scripting (XSS) vulnerability.
    problem: Installed version: 3.5.5
    Fixed version: 3.5.6
    Installation
    path / port: /wp-content/plugins/elementor

impact: An attacker could do the following: account takeovers,
executing javascript on victim's behalf, SOAP bypass, CORS bypass, Defacement.

solution: VendorFix: Update to version 3.5.6 or later.

############################################################

host: dse.cs.tum.edu, ip: 131.159.89.173, tcp port: 443

  • 5.5 - WordPress Popup Maker Plugin < 1.16.9 Multiple XSS Vulnerabilities
  • 2023-05-15T11:24:18Z - 2bbd4221-ed4f-4aa2-b421-ce9794867d9b - 1.3.6.1.4.1.25623.1.0.170320
    summary: The WordPress plugin 'Popup Maker' is prone to multiple cross-site
    scripting (XSS) vulnerabilities.
    problem: Installed version: 1.16.4
    Fixed version: 1.16.9
    Installation
    path / port: /wp-content/plugins/popup-maker

impact:

solution: VendorFix: Update to version 1.16.9 or later.

############################################################

host: dse.cs.tum.edu, ip: 131.159.89.173, tcp port: 443

  • 4.8 - WordPress Popup Maker Plugin < 1.16.5 XSS Vulnerability
  • 2023-05-15T11:24:18Z - 879d0789-2a99-414a-838b-e9f117d0f236 - 1.3.6.1.4.1.25623.1.0.170318
    summary: The WordPress plugin 'Popup Maker' is prone to a cross-site
    scripting (XSS) vulnerability.
    problem: Installed version: 1.16.4
    Fixed version: 1.16.5
    Installation
    path / port: /wp-content/plugins/popup-maker

impact:

solution: VendorFix: Update to version 1.16.5 or later.

############################################################

host: dse.cs.tum.edu, ip: 131.159.89.173, tcp port: 443

  • 3.6 - WordPress Popup Maker Plugin < 1.16.11 XSS Vulnerability
  • 2023-05-15T11:24:18Z - cede042c-2423-40f6-858e-17b45290859f - 1.3.6.1.4.1.25623.1.0.170319
    summary: The WordPress plugin 'Popup Maker' is prone to a cross-site
    scripting (XSS) vulnerability.
    problem: Installed version: 1.16.4
    Fixed version: 1.16.11
    Installation
    path / port: /wp-content/plugins/popup-maker

impact:

solution: VendorFix: Update to version 1.16.11 or later.
{code}
