Bugtraq mailing list archives
Wordpress plugin Buddypress <= 1.9.1 stored xss vulnerability
From: Pietro Oliva <pietroliva () gmail com>
Date: Thu, 13 Feb 2014 08:08:13 +0100
# Vulnerability: Wordpress plugin Buddypress <= 1.9.1 stored xss # Date: 13/02/2014 # Author: Pietro Oliva # Vendor Homepage: http://buddypress.org # Software Link: http://downloads.wordpress.org/plugin/buddypress.1.9.1.zip # Version: 1.9.1 # CVE : [CVE-2014-1888] # Responsibly disclosed and patched in version 1.9.2 During the group creation process in Buddypress it's possible to inject javascript code into the name field in the form at http://example.com/groups/create/step/group-details/ as for instance: name" onmouseover="alert('xss'). To test this vulnerability you have reproduce the following steps: 1) create a group named as follows: name" onmouseover="alert('xss') 2) visiting this url:http://example.com/groups/create/step/group-details/ causes the alert to show on mouse over the group name field -Pietro Oliva-
Current thread:
- Wordpress plugin Buddypress <= 1.9.1 stored xss vulnerability Pietro Oliva (Feb 13)