Date: Thu, 11 Jul 2013 05:12:15 +0300 From: Henri Salo <henri@...v.fi> To: oss-security@...ts.openwall.com Cc: plugins@...dpress.org, moderators@...db.org Subject: CVE request: WordPress plugin category-grid-view-gallery XSS Can I get 2013 CVE identifier for XSS vulnerability in WordPress plugin category-grid-view-gallery, thanks. Plugin page: http://wordpress.org/plugins/category-grid-view-gallery/ Original advisory: http://seclists.org/bugtraq/2013/Jul/17 Version affected: 2.3.1 (older probably affected too) PoC: https://example.com/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=44%22%3E%3Cimg%20src=%22http://%22%20onerror=alert%28document.cookie%29;%3E Not yet fixed as author did not contact vendor. Top 1277 plugin by popularity. WordPress guys could you coordinate this with plugin developer, thanks? --- Henri Salo [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ