oss-sec mailing list archives
CVE request: WordPress plugin category-grid-view-gallery XSS
From: Henri Salo <henri () nerv fi>
Date: Thu, 11 Jul 2013 05:12:15 +0300
Can I get 2013 CVE identifier for XSS vulnerability in WordPress plugin category-grid-view-gallery, thanks. Plugin page: http://wordpress.org/plugins/category-grid-view-gallery/ Original advisory: http://seclists.org/bugtraq/2013/Jul/17 Version affected: 2.3.1 (older probably affected too) PoC: https://example.com/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=44%22%3E%3Cimg%20src=%22http://%22%20onerror=alert%28document.cookie%29;%3E Not yet fixed as author did not contact vendor. Top 1277 plugin by popularity. WordPress guys could you coordinate this with plugin developer, thanks? --- Henri Salo
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE request: WordPress plugin category-grid-view-gallery XSS Henri Salo (Jul 10)
- Re: CVE request: WordPress plugin category-grid-view-gallery XSS Kurt Seifried (Jul 11)
- Re: CVE request: WordPress plugin category-grid-view-gallery XSS Henri Salo (Jul 11)
- Re: CVE request: WordPress plugin category-grid-view-gallery XSS Kurt Seifried (Jul 11)
- Re: CVE request: WordPress plugin category-grid-view-gallery XSS Henri Salo (Jul 11)
- Re: CVE request: WordPress plugin category-grid-view-gallery XSS Kurt Seifried (Jul 11)