Date: Sun, 31 May 2015 08:23:15 -0400 (EDT) From: cve-assign@...re.org To: Henri.Salo@...u.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, joni.hauhia@...u.com Subject: Re: CVE request: XSS and CSRF in WP Smiley plugin for WordPress -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Product: WordPress plugin wp-smiley > Plugin page: https://wordpress.org/plugins/wp-smiley/ > Vulnerable Versions: 1.4.1 Your message didn't mention the direct impact of an unauthorized change to the s4w-more field. We think you mean something like: The vulnerabilities are independent because: - if only the CSRF were fixed, then an editor could intentionally conduct an XSS attack against an Administrator - if only the XSS were fixed, then an attacker could trigger use of their own text for a "More" button within the plugin, e.g., by replacing the default word "More" with the attacker-supplied word "0wned" - and this would be visible to all site visitors In that case: Vulnerability Type: CWE-79: Cross-site scripting CVE-2015-4139 CWE-352: Cross-Site Request Forgery CVE-2015-4140 - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVavy/AAoJEKllVAevmvmsWe8H/RslzPq3sXdq7b3XlwYNee4R tUchh3Qbj6T8mmght34qr1l6uFoqgiZU54kYIoZ8nzwzMFqO/ZJzryQyQekOWcw3 kWWJMG/0u7rm6hrrwCFcqfqKAsSloKyDJPr1LVBNdMAKOaVsMa21GtgyUGKXihcc Nz16spkjHzjnsdVsCHM/MhQYSip8/lw5ldwmKKgzVujnhXo1/fpW+iEIEjHejS77 2hvTWTaSg/xd+fPCV0trUhQuhAVl6R1dXelv/AXjqXDapZSqgXvoH/0r4/csGFtY izDxqGR6cUgOR2Zyw2KBfHyc/IWmVSKP8SJf7JrkCud34ukcP0Qwde/BZbacATU= =h122 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ