Date: Sat, 11 Apr 2015 21:31:54 +1200
From: Matthew Daley <mattd@...fuzz.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE request / Advisory: Floating Social Bar (Wordpress plugin) 1.0.1 - 1.1.6

I'd like to request a CVE ID for this issue. This is the first such
request; this message serves as an advisory as well.

Affected software: Floating Social Bar (Wordpress plugin)
Affected versions: 1.0.1 - 1.1.6
Website: https://wordpress.org/plugins/floating-social-bar/
Reported by: Matthew Daley

Description:
One of the plugin's unauthenticated AJAX action handlers is vulnerable
to a stored cross-site scripting vulnerability. By invoking the action
with certain parameters, it is possible for unauthenticated attackers
to force the persistent injection of arbitrary script across the
site's post pages.

Fixed version: 1.1.7
Fix: https://plugins.trac.wordpress.org/changeset/1129648/floating-social-bar/trunk
Changelog: https://plugins.trac.wordpress.org/changeset/1129648/floating-social-bar/trunk#file5

- Matthew Daley