Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 31 May 2015 08:23:15 -0400 (EDT)
From: cve-assign@...re.org
To: Henri.Salo@...u.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, joni.hauhia@...u.com
Subject: Re: CVE request: XSS and CSRF in WP Smiley plugin for WordPress

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Product: WordPress plugin wp-smiley
> Plugin page: https://wordpress.org/plugins/wp-smiley/
> Vulnerable Versions: 1.4.1

Your message didn't mention the direct impact of an unauthorized
change to the s4w&#45;more field.

We think you mean something like:

  The vulnerabilities are independent because:

  - if only the CSRF were fixed, then an editor could
    intentionally conduct an XSS attack against an Administrator

  - if only the XSS were fixed, then an attacker could trigger use of
    their own text for a "More" button within the plugin, e.g.,
    by replacing the default word "More" with the attacker-supplied
    word "0wned" - and this would be visible to all site visitors

In that case:

Vulnerability Type:
  CWE-79: Cross-site scripting          CVE-2015-4139
  CWE-352: Cross-Site Request Forgery   CVE-2015-4140

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVavy/AAoJEKllVAevmvmsWe8H/RslzPq3sXdq7b3XlwYNee4R
tUchh3Qbj6T8mmght34qr1l6uFoqgiZU54kYIoZ8nzwzMFqO/ZJzryQyQekOWcw3
kWWJMG/0u7rm6hrrwCFcqfqKAsSloKyDJPr1LVBNdMAKOaVsMa21GtgyUGKXihcc
Nz16spkjHzjnsdVsCHM/MhQYSip8/lw5ldwmKKgzVujnhXo1/fpW+iEIEjHejS77
2hvTWTaSg/xd+fPCV0trUhQuhAVl6R1dXelv/AXjqXDapZSqgXvoH/0r4/csGFtY
izDxqGR6cUgOR2Zyw2KBfHyc/IWmVSKP8SJf7JrkCud34ukcP0Qwde/BZbacATU=
=h122
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ