Vulnerabilities for 'Litespeed cache'

2022-01-03
 
CVE-2021-24963

CWE-79
 

 
The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting issue.

 
 
CVE-2021-24964

CWE-79
 

 
The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoints could be used to set CSS code if a setting is enabled, which will then be output in some pages without being sanitised and escaped. Combining those two issues, an unauthenticated attacker could put Cross-Site Scripting payloads in pages visited by users.

 
2020-12-26
 
CVE-2020-29172

CWE-79
 

 
A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting.

 

Vendor: Litespeedtech (4 products)
Litespeed web server
Open litespeed
Openlitespeed
Litespeed cache


Copyright 2024, cxsecurity.com

 
