{"id":3394,"date":"2024-03-30T00:45:13","date_gmt":"2024-03-30T00:45:13","guid":{"rendered":"http:\/\/127.0.0.1\/forminator-1-29-0-cross-site-scripting-no-autenticado-a-traves-de-la-subida-de-archivos\/"},"modified":"2024-03-30T00:45:13","modified_gmt":"2024-03-30T00:45:13","slug":"forminator-1-29-0-cross-site-scripting-no-autenticado-a-traves-de-la-subida-de-archivos","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/forminator-1-29-0-cross-site-scripting-no-autenticado-a-traves-de-la-subida-de-archivos\/","title":{"rendered":"Forminator <= 1.29.0 – Cross-Site Scripting no Autenticado a trav\u00e9s de la Subida de Archivos"},"content":{"rendered":"
<\/p>\n
La vulnerabilidad CVE-2024-1794, denominada ‘Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)’, afecta al plugin Forminator para WordPress en versiones hasta 1.29.0. Esta vulnerabilidad permite a atacantes no autenticados inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a dicha p\u00e1gina. La vulnerabilidad de Cross-Site Scripting (XSS) almacenado se […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1105],"class_list":["post-3394","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-1794"],"yoast_head":"\n