Date: Sat, 11 Apr 2015 21:31:54 +1200
From: Matthew Daley <mattd@...fuzz.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE request / Advisory: Floating Social Bar (WordPress plugin) 1.0.1 - 1.1.6

I'd like to request a CVE ID for this issue. This is the first such
request; this message serves as an advisory as well.

Affected software: Floating Social Bar (WordPress plugin)
Affected versions: 1.0.1 - 1.1.6
Website: https://wordpress.org/plugins/floating-social-bar/
Reported by: Matthew Daley

Description: One of the plugin's unauthenticated AJAX action handlers
is vulnerable to a stored cross-site scripting vulnerability. By
invoking the action with certain parameters, it is possible for
unauthenticated attackers to force the persistent injection of
arbitrary script across the site's post pages.

Fixed version: 1.1.7
Fix: https://plugins.trac.wordpress.org/changeset/1129648/floating-social-bar/trunk
Changelog: https://plugins.trac.wordpress.org/changeset/1129648/floating-social-bar/trunk#file5

- Matthew Daley
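The advisory names the class of bug but not the handler or parameters, and the linked changeset is the authoritative fix. The following is an added example, not the plugin's code and not that fix: it shows the general shape this class takes in WordPress plugins (an AJAX action registered on the `wp_ajax_nopriv_` hook, no nonce or capability check, raw request input written to an option that is later echoed into every post page) next to a hardened version. The hook names `fsb_vuln_save`/`fsb_safe_save`, the option name `fsb_demo_label`, the `label` parameter and the `valid-nonce` token are all made up for illustration. Outside WordPress a small set of stand-ins for the WordPress functions used (with an in-memory option store) lets the file run with plain `php`; inside WordPress the real functions are used and the driver at the bottom is skipped.

```php
<?php
// Added example: stored XSS via an unauthenticated WordPress AJAX handler,
// vulnerable pattern beside a hardened one. Not the plugin's code or fix.
// Stand-ins for the WordPress API, used only when run outside WordPress.
if (!function_exists('add_action')) {
    $GLOBALS['__hooks']    = [];
    $GLOBALS['__options']  = [];   // in-memory replacement for wp_options
    $GLOBALS['__is_admin'] = false;
    function add_action($hook, $cb)  { $GLOBALS['__hooks'][$hook][] = $cb; }
    function do_action($hook)        { foreach ($GLOBALS['__hooks'][$hook] ?? [] as $cb) { $cb(); } }
    function update_option($k, $v)   { $GLOBALS['__options'][$k] = $v; return true; }
    function get_option($k, $d = '') { return $GLOBALS['__options'][$k] ?? $d; }
    function sanitize_text_field($s) { return trim(strip_tags((string) $s)); } // approximation of WP's
    function esc_html($s)            { return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8'); }
    function current_user_can($cap)  { return $GLOBALS['__is_admin']; }
    function wp_die($msg = '', $code = 0) { throw new RuntimeException("wp_die($code): $msg"); }
    function check_ajax_referer($action, $arg) {   // stand-in: a fixed token plays the nonce
        if (($_REQUEST[$arg] ?? '') !== 'valid-nonce') { wp_die('Bad nonce', 403); }
        return 1;
    }
    function wp_send_json_success($d = null) { echo json_encode(['success' => true, 'data' => $d]), "\n"; }
}

// VULNERABLE PATTERN (hypothetical): reachable without login via wp_ajax_nopriv_,
// no nonce, no capability check, request input stored as-is.
function fsb_vuln_save() {
    update_option('fsb_demo_label', $_POST['label'] ?? '');
    wp_send_json_success();
}
add_action('wp_ajax_nopriv_fsb_vuln_save', 'fsb_vuln_save');
add_action('wp_ajax_fsb_vuln_save', 'fsb_vuln_save');

// ...and the stored value is echoed unescaped into markup on every post page.
function fsb_vuln_render() {
    return '<div class="fsb-bar">' . get_option('fsb_demo_label') . '</div>';
}

// HARDENED: authenticated hook only, nonce + capability check, sanitize on the
// way in, escape on the way out (the output escape still protects if any other
// path writes to the option).
function fsb_safe_save() {
    check_ajax_referer('fsb_save', '_wpnonce');          // dies on a missing/bad nonce
    if (!current_user_can('manage_options')) {
        wp_die('Forbidden', 403);
    }
    update_option('fsb_demo_label', sanitize_text_field($_POST['label'] ?? ''));
    wp_send_json_success();
}
add_action('wp_ajax_fsb_safe_save', 'fsb_safe_save');   // deliberately no wp_ajax_nopriv_ registration

function fsb_safe_render() {
    return '<div class="fsb-bar">' . esc_html(get_option('fsb_demo_label')) . '</div>';
}

// Stand-alone driver (skipped inside WordPress): one unauthenticated request
// carrying a constructed script payload, sent at both handlers.
if (!defined('ABSPATH')) {
    $payload  = '<script>alert(document.domain)</script>';
    $_POST    = ['label' => $payload];
    $_REQUEST = $_POST;

    do_action('wp_ajax_nopriv_fsb_vuln_save');
    echo "vulnerable: ", fsb_vuln_render(), "\n";        // script tag lands verbatim in the page

    do_action('wp_ajax_nopriv_fsb_safe_save');           // nothing bound on the nopriv hook
    echo "hardened, anonymous: nothing ran\n";
    try {
        $GLOBALS['__is_admin'] = true;                   // even an admin needs a valid nonce
        do_action('wp_ajax_fsb_safe_save');
    } catch (RuntimeException $e) {
        echo "hardened, admin without nonce: ", $e->getMessage(), "\n";
    }
    $_REQUEST['_wpnonce'] = 'valid-nonce';
    do_action('wp_ajax_fsb_safe_save');
    echo "hardened, admin with nonce: ", fsb_safe_render(), "\n";

    // Defence in depth: a raw payload that reached the option by some other path
    // is still neutralised by the escape at render time.
    update_option('fsb_demo_label', $payload);
    echo "hardened render of raw value: ", fsb_safe_render(), "\n";
}
```

When auditing a plugin for this class, list every `add_action('wp_ajax_nopriv_...')` registration and trace each callback to what it writes and where that value is later printed; a `nopriv` handler that updates an option or post meta rendered site-wide is the red flag. If an endpoint genuinely must be reachable by anonymous visitors (share counters, for instance), it should still validate and constrain its input to the expected shape and never write free-form text into anything that is echoed into pages.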
