oss-sec mailing list archives
Wordpress plugin Reflected XSS in connections v8.5.8
From: Larry Cashdollar <larry0 () me com>
Date: Mon, 01 Feb 2016 19:05:21 -0500
Title: Wordpress plugin Reflected XSS in connections v8.5.8 Author: Larry W. Cashdollar, @_larry0 Date: 2016-01-26 Download Site: https://wordpress.org/plugins/connections/ Vendor: https://profiles.wordpress.org/shazahm1hotmailcom/ Vendor Notified: 2016-01-28 Vendor Fixed: 2016-02-01, v8.5.9 Vendor Contact: https://profiles.wordpress.org/shazahm1hotmailcom/ Description: An easy to use directory plugin to create an address book, business directory, staff directory or church directory. Vulnerability:Line 320 contains unfiltered user input for the search field being sent directly via echo back to the users browser via the āsā variable. In file includes/admin/pages/manage.php Line 320: <input type="search" id="entry-search-input" name=ās" value="<?php if ( isset( $_GET['s'] ) && ! empty( $_GET['s'] )) echo $_GET['s'] ; ?>" /> CVEID: 2016-0770 Advisory: http://www.vapidlabs.com/advisory.php?v=161
Current thread:
- Wordpress plugin Reflected XSS in connections v8.5.8 Larry Cashdollar (Feb 01)