hcpolar.blogg.se

• #SKYPE FOR BUSINESS MAC 16.11 CODE#

Skype for Business and Lync Spoofing Vulnerability

#SKYPE FOR BUSINESS MAC 16.11 CODE#

Skype for Business and Lync Remote Code Execution Vulnerability 6 - "Socials" tab issues, vulnerable parameters: &yith_maintenance_socials_facebook, &yith_maintenance_socials_twitter, &yith_maintenance_socials_gplus, &yith_maintenance_socials_youtube, &yith_maintenance_socials_rss, &yith_maintenance_socials_skype, &yith_maintenance_socials_email, &yith_maintenance_socials_behance, &yith_maintenance_socials_dribble, &yith_maintenance_socials_flickr, &yith_maintenance_socials_instagram, &yith_maintenance_socials_pinterest, &yith_maintenance_socials_tumblr, &yith_maintenance_socials_linkedin. 5 - "Newsletter" tab issues, vulnerable parameters: &yith_maintenance_newsletter_email_font, &yith_maintenance_newsletter_email_font, &yith_maintenance_newsletter_email_font, &yith_maintenance_newsletter_submit_font, &yith_maintenance_newsletter_submit_font, &yith_maintenance_newsletter_submit_font, &yith_maintenance_newsletter_submit_background, &yith_maintenance_newsletter_submit_background_hover, &yith_maintenance_newsletter_title, &yith_maintenance_newsletter_action, &yith_maintenance_newsletter_email_label, &yith_maintenance_newsletter_email_name, &yith_maintenance_newsletter_submit_label, &yith_maintenance_newsletter_hidden_fields. 4 - "Logo" tab issues, vulnerable parameters: &yith_maintenance_logo_image, &yith_maintenance_logo_tagline, &yith_maintenance_logo_tagline_font, &yith_maintenance_logo_tagline_font, &yith_maintenance_logo_tagline_font. 3 - "Background" tab issues, vulnerable parameters: &yith_maintenance_background_image, &yith_maintenance_background_color. 2 - "General" tab issues, vulnerable parameters: &yith_maintenance_message, &yith_maintenance_custom_style, &yith_maintenance_mascotte, &yith_maintenance_title_font, &yith_maintenance_title_font, &yith_maintenance_title_font, &yith_maintenance_paragraph_font, &yith_maintenance_paragraph_font, &yith_maintenance_paragraph_font, &yith_maintenance_border_top. Vulnerable parameters: 1 - "Newsletter" tab, &yith_maintenance_newsletter_submit_label parameter: payload should start with a single quote (') symbol to break the context, i.e.: NOTIFY ME' autofocus onfocus=alert(/Visse/) // v=' - this payload will be auto triggered while admin visits this page/tab. Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8.