CVSS: 4.8EPSS: 1%CPEs: 1EXPL: 5CVE-2015-9230 – BulletProof Security < .52.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9230
In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter. En la página admin/db-backup-security/db-backup-security.php en el plugin BulletProof Security en versiones anteriores a la .52.5 para WordPress, es posible que los administradores remotos autenticados realicen un ataque de Cross-Site Scripting (XSS) mediante el parámetro DBTablePrefix. • http://www.openwall.com/lists/oss-security/2015/10/27/3 https://cxsecurity.com/issue/WLB-2016010011 https://cybersecurityworks.com/zerodays/cve-2015-9230-bulletproof.html https://forum.ait-pro.com/forums/topic/bps-changelog https://github.com/cybersecurityworks/Disclosed/issues/3 https://packetstormsecurity.com/files/135125/BulletProof-Security-.52.4-Cross-Site-Scripting.html https://wpvulndb.com/vulnerabilities/8224 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •