oss-sec mailing list archives
Re: CVE request: WordPress plugin category-grid-view-gallery XSS
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 11 Jul 2013 11:59:13 -0600
On 07/10/2013 08:12 PM, Henri Salo wrote:
> Can I get 2013 CVE identifier for XSS vulnerability in WordPress plugin
> category-grid-view-gallery, thanks.
>
> Plugin page: http://wordpress.org/plugins/category-grid-view-gallery/
> Original advisory: http://seclists.org/bugtraq/2013/Jul/17
> Version affected: 2.3.1 (older probably affected too)
> PoC: https://example.com/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=44%22%3E%3Cimg%20src=%22http://%22%20onerror=alert%28document.cookie%29;%3E
>
> Not yet fixed as author did not contact vendor. Top 1277 plugin by popularity.
> WordPress guys could you coordinate this with plugin developer, thanks?
>
> ---
> Henri Salo

Can you confirm the vulnerability? I don't see any follow up emails/etc. Thanks.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993