CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS

[Henri Salo <henri () nerv fi>]

Hello,

This issue is without 2011 CVE. Could we assign one, thanks?

Original advisory: http://www.ihteam.net/advisory/bsuite-wordpress-permanent-xss/
OSVDB: http://osvdb.org/74046
Secunia: SA45234
Discussion: http://wordpress.org/support/topic/plugin-bsuite-xss-security-vulnerability-in-407

Fixed in SVN revision 520611.

- Henri Salo

svn diff -r520603:520611
Index: ui_stats.php
===================================================================
--- ui_stats.php        (revision 520603)
+++ ui_stats.php        (revision 520611)
@@ -243,7 +243,7 @@

 if( count( $results ) )
        foreach( $results as $res )
-               echo '<li><a href="'. $res->name .'">'. wordwrap( urldecode( str_replace( get_settings( 'siteurl' ), 
'', $res->name )), 25, "\n", TRUE ) .'</a><br><small>Avg: '. number_format( $res->hit_avg ) .' Total: '. number_format( 
$res->hit_count ) ."</small></li>\n";
+               echo '<li><a href="'. sanitize_url( $res->name ).'">'. wordwrap( htmlspecialchars( urldecode( 
str_replace( get_settings( 'siteurl' ), '', $res->name ))), 25, "\n", TRUE ) .'</a><br><small>Avg: '. number_format( 
$res->hit_avg ) .' Total: '. number_format( $res->hit_count ) ."</small></li>\n";
 else
        echo '<li>No Data Yet.</li>';

@@ -276,7 +276,7 @@
 if( count( $results ) )
        foreach( $results as $res ){
                if( 1 == $res->object_type )
-                       echo '<li><a href="'. $res->name .'">'. wordwrap( urldecode( str_replace( get_settings( 
'siteurl' ), '', $res->name )), 25, "\n", TRUE ) .'</a><br><small>'. number_format( $res->hit_count ) .' hits since '. 
$res->date_min .'</small></li>';
+                       echo '<li><a href="'. sanitize_url( $res->name ) .'">'. wordwrap( htmlspecialchars( urldecode( 
str_replace( get_settings( 'siteurl' ), '', $res->name ))), 25, "\n", TRUE ) .'</a><br><small>'. number_format( 
$res->hit_count ) .' hits since '. $res->date_min .'</small></li>';
                else
                        echo '<li><a href="'. get_permalink( $res->object_id ) .'">'. wordwrap( get_the_title( 
$res->object_id ), 25, "\n", TRUE ) .'</a><br><small>'. number_format( $res->hit_count ) .' hits since '. 
$res->date_min .'</small></li>';
 }else{
Index: bsuite.php
===================================================================
--- bsuite.php  (revision 520603)
+++ bsuite.php  (revision 520611)
@@ -3,7 +3,7 @@
 Plugin Name: bSuite
 Plugin URI: http://maisonbisson.com/bsuite/
 Description: Stats tracking, improved sharing, related posts, CMS features, and a kitchen sink. <a 
href="http://maisonbisson.com/bsuite/";>Documentation here</a>.
-Version: 5 alpha 2
+Version: 5 alpha 3
 Author: Casey Bisson
 Author URI: http://maisonbisson.com/blog/
 */
Index: readme.txt
===================================================================
--- readme.txt  (revision 520603)
+++ readme.txt  (revision 520611)
@@ -4,7 +4,7 @@
 Tags: cms, content management, tags, stats, statistics, formatting, pages, widgets, related posts, keyword searching, 
post, posts, page, pages, admin, related content
 Requires at least: 3.2
 Tested up to: 3.3.1
-Stable tag: 5a2
+Stable tag: trunk

 A suite of tools used to help surface interesting and popular stories as well as improve WordPress' CMS capabilities 
as an application platform.