Date: Mon, 01 Feb 2016 19:05:21 -0500
From: Larry Cashdollar <larry0@...com>
To: Open Security <oss-security@...ts.openwall.com>
Subject: Wordpress plugin Reflected XSS in connections v8.5.8

Title: Wordpress plugin Reflected XSS in connections v8.5.8
Author: Larry W. Cashdollar, @_larry0
Date: 2016-01-26
Download Site: https://wordpress.org/plugins/connections/
Vendor: https://profiles.wordpress.org/shazahm1hotmailcom/
Vendor Notified: 2016-01-28
Vendor Fixed: 2016-02-01, v8.5.9
Vendor Contact: https://profiles.wordpress.org/shazahm1hotmailcom/

Description:
An easy to use directory plugin to create an address book, business directory, staff directory or church directory.

Vulnerability:
Line 320 contains unfiltered user input for the search field, which is echoed directly back to the user's browser via the 's' query variable.

In file includes/admin/pages/manage.php, line 320:

<input type="search" id="entry-search-input" name="s" value="<?php if ( isset( $_GET['s'] ) && ! empty( $_GET['s'] )) echo $_GET['s'] ; ?>" />

CVEID: 2016-0770
Advisory: http://www.vapidlabs.com/advisory.php?v=161
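The following is an added illustration, not code from the advisory or from the Connections plugin: it puts the unescaped pattern from manage.php line 320 beside an escaped version so the difference in the rendered attribute can be seen on a constructed input. The page does not say how v8.5.9 actually fixed the line; the assumption here is that escaping the value for an HTML attribute context (htmlspecialchars() in plain PHP, esc_attr() inside WordPress) is the appropriate remediation.

```php
<?php
// Added example (not the plugin's code). Both functions return the <input>
// markup built from an associative array standing in for $_GET, so the two
// outputs can be compared side by side.

// Unescaped form: mirrors the reported line. The raw value of 's' is written
// straight into value="...", so a double quote in the parameter terminates the
// attribute and whatever follows is parsed as markup.
function render_search_input_unescaped(array $get): string
{
    $value = '';
    if (isset($get['s']) && ! empty($get['s'])) {
        $value = $get['s'];
    }
    return '<input type="search" id="entry-search-input" name="s" value="' . $value . '" />';
}

// Escaped form: encode for an attribute context before echoing. ENT_QUOTES
// converts both quote styles as well as < > &, so the browser shows the text
// instead of interpreting it. In WordPress the idiomatic equivalent is
// esc_attr( $_GET['s'] ), which performs the same attribute-safe encoding.
function render_search_input_escaped(array $get): string
{
    $value = '';
    if (isset($get['s']) && ! empty($get['s'])) {
        $value = htmlspecialchars($get['s'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
    return '<input type="search" id="entry-search-input" name="s" value="' . $value . '" />';
}

// Constructed sample input (not taken from the advisory): an ordinary-looking
// search term that happens to contain the characters that matter inside an
// HTML attribute.
$sample = array('s' => 'O"Neil & <Sons>');

echo "Unescaped: " . render_search_input_unescaped($sample) . PHP_EOL;
// value="O"Neil & <Sons>"  -- the attribute closes after O and the rest leaks into markup
echo "Escaped:   " . render_search_input_escaped($sample) . PHP_EOL;
// value="O&quot;Neil &amp; &lt;Sons&gt;"  -- the whole term stays inside the attribute
```

Run with `php example.php` to see both renderings. The check a reviewer would apply to the real file is the same one the two functions make visible: every `echo` of request data into an attribute must pass through an attribute-context escaper first, since `isset()`/`empty()` only test presence, not safety.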