oss-sec mailing list archives
CVE-request: WordPress plugin Adminimize XSS
From: Henri Salo <henri () nerv fi>
Date: Thu, 5 Jan 2012 13:06:17 +0200
Original advisory: http://www.securityfocus.com/archive/1/520591
OSVDB: http://osvdb.org/show/osvdb/77472
Fixed in: 1.7.22
Vulnerable: All before 1.7.22
SCM: http://plugins.svn.wordpress.org/adminimize/
Changelog: http://wordpress.org/extend/plugins/adminimize/changelog/

Should be 2011 CVE.

fgeek@example:~/adminimize/tags$ diff 1.7.21/adminimize_page.php 1.7.22/adminimize_page.php
121c121 < <form name="backend_option" method="post" id="_mw_adminimize_options" action="?page=<?php echo $_GET['page'];?>" > ---
<form name="backend_option" method="post" id="_mw_adminimize_options" action="?page=<?php echo esc_attr( $_GET['page'] );?>" >
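Review bot: on the changed line 121, esc_attr() stops the value from breaking out of the action attribute, but $_GET['page'] is still request input placed in the query string of that URL, so it should also be URL-encoded, for example by passing the whole action value through esc_url() or applying urlencode() to the parameter before escaping. Since the form posts back to its own admin page, it would be cleaner not to reflect the request value at all and to emit the plugin's known page slug instead. The line also reads $_GET['page'] without an isset() check.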
- Henri Salo