oss-sec mailing list archives

Wordpress plugin Reflected XSS in connections v8.5.8


From: Larry Cashdollar <larry0 () me com>
Date: Mon, 01 Feb 2016 19:05:21 -0500

Title: Wordpress plugin Reflected XSS in connections v8.5.8
Author: Larry W. Cashdollar, @_larry0
Date: 2016-01-26
Download Site: https://wordpress.org/plugins/connections/
Vendor: https://profiles.wordpress.org/shazahm1hotmailcom/
Vendor Notified: 2016-01-28
Vendor Fixed: 2016-02-01, v8.5.9
Vendor Contact: https://profiles.wordpress.org/shazahm1hotmailcom/
Description: An easy-to-use directory plugin to create an address book, business directory, staff directory or church directory.
Vulnerability: Line 320 of includes/admin/pages/manage.php takes the unfiltered search term from the 's' GET parameter and echoes it straight back into the user's browser, inside the value attribute of the search input, with no escaping. A crafted 's' value can therefore close the attribute and inject arbitrary HTML or script (reflected XSS).
In file includes/admin/pages/manage.php
Line 320:
<input type="search" id="entry-search-input" name="s" value="<?php if (
isset( $_GET['s'] ) && ! empty( $_GET['s'] )) echo $_GET['s'] ; ?>" />
CVEID: CVE-2016-0770
Advisory: http://www.vapidlabs.com/advisory.php?v=161
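The following is an added illustration, not code from the advisory or from the Connections plugin. It reproduces the echo pattern from line 320 beside a hardened version that escapes the value for an HTML attribute context using WordPress's esc_attr(). The hardened form is one standard fix for this bug, not necessarily the change the vendor shipped in 8.5.9. Because the file lives under includes/admin/, the affected screen is presumably an administrative page, so the realistic victim is a logged-in administrator who follows a link carrying a crafted 's' parameter. Assumptions: the esc_attr() stand-in below exists only so the script runs outside WordPress (inside WordPress the real function is used), and the payload and $get array are constructed to stand in for a request with ?s=<payload>.

```php
<?php
// Added example (not from the advisory or the Connections plugin).
// Shows the vulnerable echo from manage.php line 320 beside a hardened
// version, and checks whether a constructed payload breaks out of the
// value attribute in each.

declare(strict_types=1);

// Assumption: outside WordPress, esc_attr() is undefined, so a stand-in
// with the same contract (HTML-encode for attribute context) is provided.
if (!function_exists('esc_attr')) {
    function esc_attr(string $text): string
    {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    }
}

// Mirror the original isset()/!empty() selection of the search term;
// $get stands in for $_GET.
function searchTerm(array $get): string
{
    return (isset($get['s']) && !empty($get['s'])) ? (string) $get['s'] : '';
}

// Vulnerable: the raw query parameter is concatenated into a
// double-quoted attribute, exactly as the plugin did.
function renderVulnerable(array $get): string
{
    return '<input type="search" id="entry-search-input" name="s" value="'
        . searchTerm($get) . '" />';
}

// Hardened: identical markup, but the value is escaped for attribute context,
// so '"' becomes &quot; and '<' becomes &lt; and the attribute cannot be closed.
function renderHardened(array $get): string
{
    return '<input type="search" id="entry-search-input" name="s" value="'
        . esc_attr(searchTerm($get)) . '" />';
}

// True when the payload survives verbatim in the rendered HTML, i.e. the
// attacker's '"' and '<' reached the browser unencoded.
function attributeBreakout(string $html, string $payload): bool
{
    return strpos($html, $payload) !== false;
}

// Constructed payload: closes the value attribute and the input tag, then
// injects a script element.
$payload = '"><script>alert(document.domain)</script>';
$get = ['s' => $payload];

echo "vulnerable: " . renderVulnerable($get) . PHP_EOL;
echo "hardened:   " . renderHardened($get) . PHP_EOL;
echo "breakout in vulnerable output: "
    . var_export(attributeBreakout(renderVulnerable($get), $payload), true) . PHP_EOL;
echo "breakout in hardened output:   "
    . var_export(attributeBreakout(renderHardened($get), $payload), true) . PHP_EOL;
```

Run it with `php example.php`. The first rendered line contains the payload unchanged, which is what the browser would execute; in the second the quote and angle brackets are entity-encoded and the term is just harmless text inside the attribute. The `empty()` check is kept deliberately because the original has it; note that it also discards a search term of "0", which is a functional quirk of the original rather than a security issue.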