Date: Thu, 11 Jul 2013 05:12:15 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Cc: plugins@...dpress.org, moderators@...db.org
Subject: CVE request: WordPress plugin category-grid-view-gallery XSS

Can I get a 2013 CVE identifier for an XSS vulnerability in the WordPress plugin
category-grid-view-gallery? Thanks.

Plugin page: http://wordpress.org/plugins/category-grid-view-gallery/
Original advisory: http://seclists.org/bugtraq/2013/Jul/17
Version affected: 2.3.1 (older probably affected too)
PoC: https://example.com/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=44%22%3E%3Cimg%20src=%22http://%22%20onerror=alert%28document.cookie%29;%3E

Not yet fixed, as the author did not contact the vendor. Top 1277 plugin by popularity.
WordPress guys, could you coordinate this with the plugin developer? Thanks.

---
Henri Salo
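As an added defensive example (not part of Henri's message, the advisory, or the plugin's own code): a small Python checker that reads web-server access-log lines and flags requests to the plugin's CatGridPost.php whose ID parameter is not a plain integer, which is the attribute break-out the PoC URL above depends on. The log lines are constructed for the example; the access-log format is assumed to be the common combined format.

```python
"""Flag CatGridPost.php requests whose ID parameter is not a bare integer.

Added example; the log lines below are constructed, not from any real server.
"""
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in combined access-log format (assumption).
SAMPLE_LOG = """\
203.0.113.5 - - [11/Jul/2013:05:12:15 +0300] "GET /wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=44 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Jul/2013:05:13:01 +0300] "GET /wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=44%22%3E%3Cimg%20src=%22http://%22%20onerror=alert%28document.cookie%29;%3E HTTP/1.1" 200 640 "-" "Mozilla/5.0"
203.0.113.9 - - [11/Jul/2013:05:14:20 +0300] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
PLUGIN_SCRIPT = "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"
INT_RE = re.compile(r"^[0-9]+$")


def query_params(query):
    """Split a raw query string into (name, value) pairs, percent-decoded.

    Done by hand rather than with parse_qs so that ';' inside a value (as in the
    PoC payload) is never treated as a parameter separator.
    """
    pairs = []
    for chunk in query.split("&"):
        if not chunk:
            continue
        name, _, value = chunk.partition("=")
        pairs.append((unquote(name), unquote(value)))
    return pairs


def suspicious_ids(log_text):
    """Return (client_ip, decoded ID) for each CatGridPost.php request with a non-integer ID."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != PLUGIN_SCRIPT:
            continue
        for name, value in query_params(parts.query):
            # A legitimate post ID is numeric; anything else (quotes, angle
            # brackets, event handlers) is an attempt to leave the attribute.
            if name == "ID" and not INT_RE.match(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_ids(SAMPLE_LOG):
        print(f"{ip} sent non-integer ID: {value!r}")
```

The same integer check applied on the server side, casting ID to int before use and escaping any value echoed into HTML, is the fix a plugin author would apply.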
