{"id":3591,"date":"2024-04-22T17:45:59","date_gmt":"2024-04-22T17:45:59","guid":{"rendered":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-262-cross-site-scripting-almacenado-autor\/"},"modified":"2024-04-22T17:45:59","modified_gmt":"2024-04-22T17:45:59","slug":"colibri-page-builder-1-0-262-cross-site-scripting-almacenado-autor","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-262-cross-site-scripting-almacenado-autor\/","title":{"rendered":"Colibri Page Builder <= 1.0.262 – Stored Cross-Site Scripting (Author+)"},"content":{"rendered":"
The CVE-2024-3338 vulnerability in the Colibri Page Builder plugin for WordPress allows authenticated attackers with author-level access or higher to inject arbitrary web scripts into pages, which execute whenever a user accesses the affected page.<\/div>\n

<\/p>\n

The flaw stems from a lack of input sanitization and output escaping in the data parameter of the image alt tag. This makes stored web script injection possible for authenticated users, which represents a Cross-Site Scripting (XSS) risk in all versions of the plugin up to 1.0.262. To mitigate this vulnerability, users are advised to update the plugin to the latest available version and to avoid inserting scripts into the image alt tag data field.<\/div>\n
It is crucial that Colibri Page Builder users take steps to protect their websites from possible Cross-Site Scripting attacks. Keeping up to date with security updates and avoiding the insertion of unsafe content into input fields can help reduce the risk of exploitation by malicious attackers.<\/div>\n","protected":false},"excerpt":{"rendered":"

The CVE-2024-3338 vulnerability in the Colibri Page Builder plugin for WordPress allows authenticated attackers with author-level access or higher to inject arbitrary web scripts into pages, which execute whenever a user accesses the affected page. The flaw stems from a lack of input sanitization and output escaping […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1301],
"yoast_head_json":{"title":"Colibri Page Builder <= 1.0.262 - Stored Cross-Site Scripting (Author+) - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-262-cross-site-scripting-almacenado-autor\/","og_locale":"en_US","og_type":"article","og_title":"Colibri Page Builder <= 1.0.262 - Stored Cross-Site Scripting (Author+) - SeguridadWordPress.es","og_description":"The CVE-2024-3338 vulnerability in the Colibri Page Builder plugin for WordPress allows authenticated attackers with author-level access or higher to inject arbitrary web scripts into pages, which execute whenever a user accesses the affected page. The flaw stems from a lack of input sanitization and output escaping […]","og_url":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-262-cross-site-scripting-almacenado-autor\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-04-22T17:45:59+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},
"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-262-cross-site-scripting-almacenado-autor\/","url":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-262-cross-site-scripting-almacenado-autor\/","name":"Colibri Page Builder <= 1.0.262 - Stored Cross-Site Scripting (Author+) - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-04-22T17:45:59+00:00","dateModified":"2024-04-22T17:45:59+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-262-cross-site-scripting-almacenado-autor\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/colibri-page-builder-1-0-262-cross-site-scripting-almacenado-autor\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/colibri-page-builder-1-0-262-cross-site-scripting-almacenado-autor\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Colibri Page Builder <= 1.0.262 – Stored Cross-Site Scripting (Author+)"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Compilation of WordPress vulnerabilities.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},
"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3591"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3591"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3591\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3591"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3591"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3591"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}