Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 27 Jul 2016 02:35:46 +0000
From: limingxing <>
To: "" <>
Subject: CVE request : a stored XSS in Xcloner for wordpress


     I found a stored XSS in Xcloner for wordpress.  The XSS filter can 
be bypass.

     Here is the plugin page


     In the "Corn setting" page(URL is 
set the "Backup name" (corn_bname) like 

             <input type="hidden" name="cron_bname" 
             <input type="submit" name="submit">

     Fix way
     Update to version 3.1.5


     Could you assign a CVE ID for it?

Chen Ruiqi
Codesafe Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.