Date: Wed, 24 Jun 2015 17:15:26 +0200
From: Responsive Disclosure | HSASec <disclosure@...sec.de>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>, cve-assign@...re.org
Subject: CVE Request for WordPress plugin Broken Link Checker v1.10.8: Persistent XSS in admin panel enabled by modified headers

Greetings,

we discovered a vulnerability in the following component and want to request a CVE for it:

Product-Type: WordPress Plugin
Product: Broken Link Checker (https://wordpress.org/plugins/broken-link-checker/)
Version: up to 1.10.8
Vendor: Janis Elsts (http://w-shadow.com/)
Fixed: reported: 2015-04-05, fixed in version 1.10.9, 2015-06-19
Changelog: https://wordpress.org/plugins/broken-link-checker/changelog/
PoC available: yes (internal)

Description:
Persistent XSS in the WordPress admin panel enabled by not properly sanitized HTTP headers. There are no special privileges required to exploit this vulnerability.

Researchers:
* Michael Kapfer (Michael.Kapfer@...augsburg.de)

Best regards,
the HSASec-Team (https://www.hsasec.de)
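The vulnerability class described above (response headers fetched from arbitrary remote sites and later rendered inside wp-admin without escaping) is illustrated below with an added example. This is not the Broken Link Checker plugin's code and does not reproduce its actual bug; the `$stored_headers` array, the two render functions and the `esc()` wrapper are constructed for illustration. It shows the unsafe concatenation pattern beside the escape-on-output fix a defender would want, using `esc_html()` when running inside WordPress and `htmlspecialchars()` otherwise.

```php
<?php
// Added illustration, not the plugin's code: a link checker stores the HTTP
// response headers it received from remote sites and later renders them in a
// wp-admin page. Those header values are controlled by whoever runs the remote
// server, so they are untrusted input even though they never came through a
// form field.

// Constructed sample of what a hostile remote server could send back. A header
// value may contain any character except CR/LF, so markup survives storage.
$stored_headers = array(
    'content-type' => 'text/html; charset=utf-8',
    'server'       => 'Apache</td><script>alert("stored xss")</script><td>',
);

// Vulnerable pattern: header values are concatenated straight into the admin
// page, so the markup above becomes part of the page and runs for every admin
// who views it.
function render_headers_unsafe(array $headers) {
    $html = '<table>';
    foreach ($headers as $name => $value) {
        $html .= '<tr><td>' . $name . '</td><td>' . $value . '</td></tr>';
    }
    return $html . '</table>';
}

// Hardened pattern: escape at the point of output. Inside WordPress the
// appropriate helper is esc_html(); outside it, htmlspecialchars() with
// ENT_QUOTES is the plain-PHP equivalent, which lets this file run stand-alone.
function esc($value) {
    if (function_exists('esc_html')) {
        return esc_html($value);
    }
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_headers_safe(array $headers) {
    $html = '<table>';
    foreach ($headers as $name => $value) {
        $html .= '<tr><td>' . esc($name) . '</td><td>' . esc($value) . '</td></tr>';
    }
    return $html . '</table>';
}

// Simple check a reviewer can apply to stored-header rendering: the escaped
// output must not contain a raw '<' that came from a header value.
function contains_raw_tag($html_fragment, array $headers) {
    foreach ($headers as $value) {
        if (strpos($value, '<') !== false && strpos($html_fragment, $value) !== false) {
            return true;
        }
    }
    return false;
}

echo "unsafe: ", render_headers_unsafe($stored_headers), "\n";
echo "safe:   ", render_headers_safe($stored_headers), "\n";
var_dump(contains_raw_tag(render_headers_unsafe($stored_headers), $stored_headers)); // bool(true)
var_dump(contains_raw_tag(render_headers_safe($stored_headers), $stored_headers));   // bool(false)
```

Escaping on output is the part that matters: sanitizing headers on the way into the database (for example with `sanitize_text_field()`) is a useful second layer, but any admin page that prints a stored header through plain concatenation remains exploitable by whichever remote host the checker happens to contact.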