Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 5 Jan 2012 13:06:17 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: CVE-request: WordPress plugin Adminimize XSS

Original advisory: http://www.securityfocus.com/archive/1/520591
OSVDB: http://osvdb.org/show/osvdb/77472
Fixed in: 1.7.22
Vulnerable: All before 1.7.22
SCM: http://plugins.svn.wordpress.org/adminimize/
Changelog: http://wordpress.org/extend/plugins/adminimize/changelog/

Should be 2011 CVE.

fgeek@...mple:~/adminimize/tags$ diff 1.7.21/adminimize_page.php 1.7.22/adminimize_page.php 
121c121
<       <form name="backend_option" method="post" id="_mw_adminimize_options" action="?page=<?php echo $_GET['page'];?>" >
---
>       <form name="backend_option" method="post" id="_mw_adminimize_options" action="?page=<?php echo esc_attr( $_GET['page'] );?>" >

- Henri Salo

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ