![]() |
|
Date: Mon, 01 Feb 2016 19:05:21 -0500 From: Larry Cashdollar <larry0@...com> To: Open Security <oss-security@...ts.openwall.com> Subject: Wordpress plugin Reflected XSS in connections v8.5.8 Title: Wordpress plugin Reflected XSS in connections v8.5.8 Author: Larry W. Cashdollar, @_larry0 Date: 2016-01-26 Download Site: https://wordpress.org/plugins/connections/ Vendor: https://profiles.wordpress.org/shazahm1hotmailcom/ Vendor Notified: 2016-01-28 Vendor Fixed: 2016-02-01, v8.5.9 Vendor Contact: https://profiles.wordpress.org/shazahm1hotmailcom/ Description: An easy to use directory plugin to create an address book, business directory, staff directory or church directory. Vulnerability:Line 320 contains unfiltered user input for the search field being sent directly via echo back to the users browser via the āsā variable. In file includes/admin/pages/manage.php Line 320: <input type="search" id="entry-search-input" name=ās" value="<?php if ( isset( $_GET['s'] ) && ! empty( $_GET['s'] )) echo $_GET['s'] ; ?>" /> CVEID: 2016-0770 Advisory: http://www.vapidlabs.com/advisory.php?v=161
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.