Date: Wed, 24 Jun 2015 17:15:26 +0200 From: Responsive Disclosure | HSASec <disclosure@...sec.de> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>, cve-assign@...re.org Subject: CVE Request for Wordpress-Plugin Broken Link Checker v1.10.8: Persistent XSS in admin panel enabled by modified headers Greetings, we discovered a vulnerability in the following component and want to request a CVE for it: Product-Type: Wordpress Plugin Product: Broken Link Checker (https://wordpress.org/plugins/broken-link-checker/) Version: up to 1.10.8 Vendor: Janis Elsts (http://w-shadow.com/) Fixed: reported: 2015-04-05 fixed in version 1.10.9, 2015-06-19 Changelog: https://wordpress.org/plugins/broken-link-checker/changelog/ PoC available: yes (internal) Description: Persistent XSS in wordpress-admin-panel enabled by not proper sanitized HTTP-Headers. There are no special priviliges required to exploit this vulnerability. Researchers: * Michael Kapfer (Michael.Kapfer@...augsburg.de) Best regards, the HSASec-Team (https://www.hsasec.de)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.