Livefyre Comments 3 4.1.4 XSS

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

Every registered user can change livefyre_site_id and livefyre_site_key. File: livefyre-comments\src\admin\Livefyre_Admin.php ``` function __construct( $lf_core ) { $this->lf_core = $lf_core; $this->ext = $lf_core->ext; add_action( 'admin_menu', array( &$this, 'register_admin_page' ) ); add_action( 'admin_notices', array( &$this, 'lf_install_warning') ); add_action( 'admin_init', array( &$this->lf_core->Admin, 'plugin_upgrade' ) ); add_action( 'admin_init', array( &$this, 'site_options_init' ) ); add_action( 'network_admin_menu', array(&$this, 'register_network_admin_page' ) ); add_action( 'admin_init', array( &$this, 'network_options_init' ) ); add_action( 'network_admin_edit_save_network_options', array($this, 'do_save_network_options'), 10, 0); } function site_options_init() { $name = 'livefyre'; $section_name = 'lf_site_settings'; $settings_section = 'livefyre_site_options'; register_setting( $settings_section, 'livefyre_site_id' ); register_setting( $settings_section,...

0%
暂无可用Exp或PoC
当前有0条受影响产品信息