Date: Wed, 1 Jul 2015 13:53:46 +0000 From: "Seaman, Chad" <cseaman@...mai.com> To: "disclosure@...sec.de" <disclosure@...sec.de>, "cve-assign@...re.org" <cve-assign@...re.org>, "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: Re: CVE request: persistent XSS in Wordpress Plugin NewStatPress v.1.0.3 Was recently told by mitre that http referer injections don't "count" because my PoC used the curl referer flag rather that a malicious redirect... Curious to see what they say here. - Chad ------ Original message------ From: Responsive Disclosure | HSASec Date: Wed, Jul 1, 2015 3:55 AM To: cve-assign@...re.org;oss-security@...ts.openwall.com; Subject:[oss-security] CVE request: persistent XSS in Wordpress Plugin NewStatPress v.1.0.3 OpenWallInfo ============ Created Tuesday 30 June 2015 Dear Sir or Mam, we want to inform you about a security vulnerability in one of the plugins provided by you or one member of your company. Please regard the information below. Plugin: NewStatPress (https://wordpress.org/plugins/newstatpress/) Product-Type: Wordpress-Plugin Version: 1.0.3 Vendor: ice00 (http://newstatpress.altervista.org/?page_id=2) Fixed: reported: 2015-06-30 fixed in version 1.04, 2015-06-30 Changelog: https://wordpress.org/plugins/newstatpress/changelog/ Type of vulnerability: persistent XSS via HTTP-Header (Referer) (no authentication required) Description: An unsifficent user input validation (of HTTP-Header: Referer) results in a persistent XSS in the wordpress admin-panel. So an attacker may be able to access any cookies, session tokens or other sensitive information retained by the browser and used with that site. Proof of Concept: yes (internal) Researchers: * Michael Kapfer (Michael.Kapfer@...augsburg.de) Best regards, HSASec-Team (https://www.HSASec.de)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ