Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 16 Apr 2012 10:58:03 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS

Hello,

This issue is without 2011 CVE. Could we assign one, thanks?

Original advisory: http://www.ihteam.net/advisory/bsuite-wordpress-permanent-xss/
OSVDB: http://osvdb.org/74046
Secunia: SA45234
Discussion: http://wordpress.org/support/topic/plugin-bsuite-xss-security-vulnerability-in-407

Fixed in SVN revision 520611.

- Henri Salo

svn diff -r520603:520611
Index: ui_stats.php
===================================================================
--- ui_stats.php        (revision 520603)
+++ ui_stats.php        (revision 520611)
@@ -243,7 +243,7 @@

 if( count( $results ) )
        foreach( $results as $res )
-               echo '<li><a href="'. $res->name .'">'. wordwrap( urldecode( str_replace( get_settings( 'siteurl' ), '', $res->name )), 25, "\n", TRUE ) .'</a><br><small>Avg: '. number_format( $res->hit_avg ) .' Total: '. number_format( $res->hit_count ) ."</small></li>\n";
+               echo '<li><a href="'. sanitize_url( $res->name ).'">'. wordwrap( htmlspecialchars( urldecode( str_replace( get_settings( 'siteurl' ), '', $res->name ))), 25, "\n", TRUE ) .'</a><br><small>Avg: '. number_format( $res->hit_avg ) .' Total: '. number_format( $res->hit_count ) ."</small></li>\n";
 else
        echo '<li>No Data Yet.</li>';

@@ -276,7 +276,7 @@
 if( count( $results ) )
        foreach( $results as $res ){
                if( 1 == $res->object_type )
-                       echo '<li><a href="'. $res->name .'">'. wordwrap( urldecode( str_replace( get_settings( 'siteurl' ), '', $res->name )), 25, "\n", TRUE ) .'</a><br><small>'. number_format( $res->hit_count ) .' hits since '. $res->date_min .'</small></li>';
+                       echo '<li><a href="'. sanitize_url( $res->name ) .'">'. wordwrap( htmlspecialchars( urldecode( str_replace( get_settings( 'siteurl' ), '', $res->name ))), 25, "\n", TRUE ) .'</a><br><small>'. number_format( $res->hit_count ) .' hits since '. $res->date_min .'</small></li>';
                else
                        echo '<li><a href="'. get_permalink( $res->object_id ) .'">'. wordwrap( get_the_title( $res->object_id ), 25, "\n", TRUE ) .'</a><br><small>'. number_format( $res->hit_count ) .' hits since '. $res->date_min .'</small></li>';
 }else{
Index: bsuite.php
===================================================================
--- bsuite.php  (revision 520603)
+++ bsuite.php  (revision 520611)
@@ -3,7 +3,7 @@
 Plugin Name: bSuite
 Plugin URI: http://maisonbisson.com/bsuite/
 Description: Stats tracking, improved sharing, related posts, CMS features, and a kitchen sink. <a href="http://maisonbisson.com/bsuite/">Documentation here</a>.
-Version: 5 alpha 2
+Version: 5 alpha 3
 Author: Casey Bisson
 Author URI: http://maisonbisson.com/blog/
 */
Index: readme.txt
===================================================================
--- readme.txt  (revision 520603)
+++ readme.txt  (revision 520611)
@@ -4,7 +4,7 @@
 Tags: cms, content management, tags, stats, statistics, formatting, pages, widgets, related posts, keyword searching, post, posts, page, pages, admin, related content
 Requires at least: 3.2
 Tested up to: 3.3.1
-Stable tag: 5a2
+Stable tag: trunk

 A suite of tools used to help surface interesting and popular stories as well as improve WordPress' CMS capabilities as an application platform.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.