Date: Wed, 1 Jul 2015 13:53:46 +0000
From: "Seaman, Chad" <cseaman@...mai.com>
To: "disclosure@...sec.de" <disclosure@...sec.de>, "cve-assign@...re.org"
	<cve-assign@...re.org>, "oss-security@...ts.openwall.com"
	<oss-security@...ts.openwall.com>
Subject: Re: CVE request: persistent XSS in Wordpress Plugin
 NewStatPress v.1.0.3

Was recently told by MITRE that HTTP Referer injections don't "count" because my PoC used the curl referer flag rather than a malicious redirect...


Curious to see what they say here.



- Chad


------ Original message------

From: Responsive Disclosure | HSASec

Date: Wed, Jul 1, 2015 3:55 AM

To: cve-assign@...re.org;oss-security@...ts.openwall.com;

Subject:[oss-security] CVE request: persistent XSS in Wordpress Plugin NewStatPress v.1.0.3


OpenWallInfo
============
Created Tuesday 30 June 2015

Dear Sir or Madam,

we want to inform you about a security vulnerability in one of the
plugins provided by you or one member of your company.
Please regard the information below.

Plugin:
NewStatPress (https://wordpress.org/plugins/newstatpress/)

Product-Type:
Wordpress-Plugin

Version:
1.0.3

Vendor:
ice00 (http://newstatpress.altervista.org/?page_id=2)

Fixed:
reported: 2015-06-30
fixed in version 1.04, 2015-06-30

Changelog:
https://wordpress.org/plugins/newstatpress/changelog/


Type of vulnerability:
persistent XSS via HTTP-Header (Referer) (no authentication required)

Description:
Insufficient user input validation (of HTTP-Header: Referer) results
in a persistent XSS in the wordpress admin-panel. So an attacker may be
able to access any cookies, session tokens or other sensitive
information retained by the browser and used with that site.

Proof of Concept:
yes (internal)

Researchers:
* Michael Kapfer (Michael.Kapfer@...augsburg.de)

Best regards,
HSASec-Team (https://www.HSASec.de)
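
Added example, not part of either message and not NewStatPress code: a plain-PHP sketch of how a statistics page can check and render a stored Referer value so that it stays inert in the admin panel. The function names and sample rows are constructed for illustration; inside WordPress, esc_html() and esc_url() play the role of h() here.

```php
<?php
declare(strict_types=1);

// Ingestion check: the Referer header is client-supplied, so it is treated
// as untrusted no matter how the request was produced.
function normalize_referer(string $raw): ?string
{
    $raw = trim($raw);
    if ($raw === '' || strlen($raw) > 2048 || preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;                       // empty, oversized, or control characters
    }
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;                       // not an absolute URL
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;                       // rejects javascript:, data:, etc.
    }
    return $raw;
}

// HTML escaping for both text and quoted-attribute contexts.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Output: escape at render time even when the value passed the ingestion
// check, because parse_url() accepts URLs that still contain quotes or '<'.
function render_referer_cell(string $stored): string
{
    $url = normalize_referer($stored);
    if ($url === null) {
        return '<td>' . h($stored) . '</td>';   // shown as text, never as a link
    }
    return '<td><a href="' . h($url) . '" rel="noreferrer noopener">' . h($url) . '</a></td>';
}

// Constructed sample rows, as a stats table might have stored them.
$rows = [
    'https://example.org/search?q=stats',
    '"><script>alert(1)</script>',
    'javascript:alert(1)',
    'https://example.org/?q="><script>alert(1)</script>',
];
foreach ($rows as $row) {
    echo render_referer_cell($row), PHP_EOL;
}
```

The last sample row passes the URL check and is only made harmless by the escaping in render_referer_cell(), which is why validation at ingestion does not replace escaping at output.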

