{"id":3813,"date":"2024-05-23T18:45:09","date_gmt":"2024-05-23T18:45:09","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-lottiefiles-para-elementor\/"},"modified":"2024-05-23T18:45:09","modified_gmt":"2024-05-23T18:45:09","slug":"vulnerabilidad-de-cross-site-scripting-en-lottiefiles-para-elementor","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-lottiefiles-para-elementor\/","title":{"rendered":"Vulnerabilidad de Cross-Site Scripting en LottieFiles para Elementor"},"content":{"rendered":"<div>El plugin LottieFiles \u2013 JSON Based Animation Lottie &amp; Bodymovin for Elementor para WordPress presenta una vulnerabilidad de Cross-Site Scripting almacenada en todas las versiones hasta la 1.10.9. Esta vulnerabilidad se debe a una insuficiente sanitizaci\u00f3n de entradas y escape de salida, lo que permite a atacantes autenticados con acceso de Contribuidor o superior inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a una p\u00e1gina inyectada.<\/div>\n<p><\/p>\n<div>Para subsanar esta vulnerabilidad, se recomienda a los usuarios actualizar el plugin a la \u00faltima versi\u00f3n disponible tan pronto como sea posible. Adem\u00e1s, se sugiere a los administradores web restringir los permisos de los usuarios autenticados para evitar que puedan inyectar scripts maliciosos en las p\u00e1ginas. Asimismo, se aconseja implementar medidas adicionales de seguridad, como firewalls de aplicaciones web o plugins de seguridad para WordPress.<\/div>\n<div>Es fundamental que los usuarios tomen medidas proactivas para proteger sus sitios web de posibles vulnerabilidades de seguridad. Al mantener actualizados los plugins y aplicar buenas pr\u00e1cticas de seguridad, se reduce significativamente el riesgo de sufrir ataques de Cross-Site Scripting y otras amenazas comunes en la web.<\/div>\n","protected":false},"excerpt":{"rendered":"<p>El plugin LottieFiles \u2013 JSON Based Animation Lottie &amp; Bodymovin for Elementor para WordPress presenta una vulnerabilidad de Cross-Site Scripting almacenada en todas las versiones hasta la 1.10.9. Esta vulnerabilidad se debe a una insuficiente sanitizaci\u00f3n de entradas y escape de salida, lo que permite a atacantes autenticados con acceso de Contribuidor o superior inyectar [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1523],"class_list":["post-3813","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-5060"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Vulnerabilidad de Cross-Site Scripting en LottieFiles para Elementor - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-lottiefiles-para-elementor\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-Site Scripting en LottieFiles para Elementor - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin LottieFiles \u2013 JSON Based Animation Lottie &amp; Bodymovin for Elementor para WordPress presenta una vulnerabilidad de Cross-Site Scripting almacenada en todas las versiones hasta la 1.10.9. Esta vulnerabilidad se debe a una insuficiente sanitizaci\u00f3n de entradas y escape de salida, lo que permite a atacantes autenticados con acceso de Contribuidor o superior inyectar [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-lottiefiles-para-elementor\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-05-23T18:45:09+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-lottiefiles-para-elementor\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-lottiefiles-para-elementor\/\",\"name\":\"Vulnerabilidad de Cross-Site Scripting en LottieFiles para Elementor - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-05-23T18:45:09+00:00\",\"dateModified\":\"2024-05-23T18:45:09+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-lottiefiles-para-elementor\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-lottiefiles-para-elementor\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-lottiefiles-para-elementor\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-Site Scripting en LottieFiles para Elementor\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilidad de Cross-Site Scripting en LottieFiles para Elementor - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-lottiefiles-para-elementor\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-Site Scripting en LottieFiles para Elementor - SeguridadWordPress.es","og_description":"El plugin LottieFiles \u2013 JSON Based Animation Lottie &amp; Bodymovin for Elementor para WordPress presenta una vulnerabilidad de Cross-Site Scripting almacenada en todas las versiones hasta la 1.10.9. Esta vulnerabilidad se debe a una insuficiente sanitizaci\u00f3n de entradas y escape de salida, lo que permite a atacantes autenticados con acceso de Contribuidor o superior inyectar [&hellip;]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-lottiefiles-para-elementor\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-05-23T18:45:09+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-lottiefiles-para-elementor\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-lottiefiles-para-elementor\/","name":"Vulnerabilidad de Cross-Site Scripting en LottieFiles para Elementor - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-05-23T18:45:09+00:00","dateModified":"2024-05-23T18:45:09+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-lottiefiles-para-elementor\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-lottiefiles-para-elementor\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-lottiefiles-para-elementor\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-Site Scripting en LottieFiles para Elementor"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3813"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3813"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3813\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3813"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3813"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3813"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}