Re: CVE-request: WordPress wp-facethumb plugin reflected XSS vulnerability

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/15/2012 01:41 PM, Henri Salo wrote:
> Hello,
>
> WordPress plugin wp-facethumb version 0.1 is affected to reflected
> XSS vulnerability. This issue is fixed in version 0.2. Could I get
> 2012 CVE-identifier for this issue, thanks.
>
> Changelog:
> http://plugins.svn.wordpress.org/wp-facethumb/trunk/readme.txt 
> Original advisory: http://cxsecurity.com/issue/WLB-2012050106 My
> report to developer:
> http://wordpress.org/support/topic/plugin-wp-facethumb-reflected-xss-vulnerability-cwe-79
Plugin URL: http://wordpress.org/extend/plugins/wp-facethumb/ (will show
up very soon. WP admins disabled this until fix is done)
> Diff included between tags 0.1 and 0.2.
>
> - Henri Salo

Please use CVE-2012-2371 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPsy3TAAoJEBYNRVNeJnmTViQP/RKEwI5U+LgazdspGES6Y1P1
bAezznORp2v/v+Na/ibBImahulldO/8CPfO+2n3jVSq2pxNKsdxxgxY/b3wr6DUs
KQAev2FFG8XgF1G5Sj2hW5cjOMAU7kjkvwR2d/DmNVSGKEJcSHMalCj2wfWTcMk+
VlhzKyhsnZM34HEDiJAPpX8PfENpo6bsy3S77bT9vA6mM1OyHrPcp4ADsOSvtBso
ixJIZSF7rPen/O2iKOwT5iyQOW9zb/eoSsoYAtFHPvN9d/0woePZcuudKK+oNLXL
Fwpldd/P9NqrCHqLJ1hvd4VB+q9LsNYO796BB9CSdB2t+cXBgU2m/Xd5QyAcfZG7
Y7GBsviTDWk+JqkULLxkdPMM+8YTn0riIpoLbmnFjepox5bD4IUc7Z0T0TLIGq6O
XglrJmrZ+SnMP/jywsWaOm+lo3cLWT2UK5FCHn42h+ZAb0WNaWJvwZoLVTPX6E1J
Vp5qhdofzUrur5L7AqgCQaaFoP0hmeIWWaP8+GL2CE7COCHnYWnbUpAXuAaNMpLA
fU7DFEN5QkqFVSjBXEq6svLQouFf2G4yV64dB3x5iuQm+1nCjPN4hqgg9HKGjJlD
jGpIdlHS8bXCm7WeU9yLYBnp17yeC1eu8MLelo7xitd+QOYoJbBNb3F5Dl49oHc9
WkTvfIGleHYXbwnZOoAR
=E3AS
-----END PGP SIGNATURE-----