oss-sec mailing list archives
CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS
From: Henri Salo <henri () nerv fi>
Date: Mon, 16 Apr 2012 10:58:03 +0300
Hello, This issue is without 2011 CVE. Could we assign one, thanks? Original advisory: http://www.ihteam.net/advisory/bsuite-wordpress-permanent-xss/ OSVDB: http://osvdb.org/74046 Secunia: SA45234 Discussion: http://wordpress.org/support/topic/plugin-bsuite-xss-security-vulnerability-in-407 Fixed in SVN revision 520611. - Henri Salo svn diff -r520603:520611 Index: ui_stats.php =================================================================== --- ui_stats.php (revision 520603) +++ ui_stats.php (revision 520611) @@ -243,7 +243,7 @@ if( count( $results ) ) foreach( $results as $res ) - echo '<li><a href="'. $res->name .'">'. wordwrap( urldecode( str_replace( get_settings( 'siteurl' ), '', $res->name )), 25, "\n", TRUE ) .'</a><br><small>Avg: '. number_format( $res->hit_avg ) .' Total: '. number_format( $res->hit_count ) ."</small></li>\n"; + echo '<li><a href="'. sanitize_url( $res->name ).'">'. wordwrap( htmlspecialchars( urldecode( str_replace( get_settings( 'siteurl' ), '', $res->name ))), 25, "\n", TRUE ) .'</a><br><small>Avg: '. number_format( $res->hit_avg ) .' Total: '. number_format( $res->hit_count ) ."</small></li>\n"; else echo '<li>No Data Yet.</li>'; @@ -276,7 +276,7 @@ if( count( $results ) ) foreach( $results as $res ){ if( 1 == $res->object_type ) - echo '<li><a href="'. $res->name .'">'. wordwrap( urldecode( str_replace( get_settings( 'siteurl' ), '', $res->name )), 25, "\n", TRUE ) .'</a><br><small>'. number_format( $res->hit_count ) .' hits since '. $res->date_min .'</small></li>'; + echo '<li><a href="'. sanitize_url( $res->name ) .'">'. wordwrap( htmlspecialchars( urldecode( str_replace( get_settings( 'siteurl' ), '', $res->name ))), 25, "\n", TRUE ) .'</a><br><small>'. number_format( $res->hit_count ) .' hits since '. $res->date_min .'</small></li>'; else echo '<li><a href="'. get_permalink( $res->object_id ) .'">'. wordwrap( get_the_title( $res->object_id ), 25, "\n", TRUE ) .'</a><br><small>'. number_format( $res->hit_count ) .' hits since '. $res->date_min .'</small></li>'; }else{ Index: bsuite.php =================================================================== --- bsuite.php (revision 520603) +++ bsuite.php (revision 520611) @@ -3,7 +3,7 @@ Plugin Name: bSuite Plugin URI: http://maisonbisson.com/bsuite/ Description: Stats tracking, improved sharing, related posts, CMS features, and a kitchen sink. <a href="http://maisonbisson.com/bsuite/">Documentation here</a>. -Version: 5 alpha 2 +Version: 5 alpha 3 Author: Casey Bisson Author URI: http://maisonbisson.com/blog/ */ Index: readme.txt =================================================================== --- readme.txt (revision 520603) +++ readme.txt (revision 520611) @@ -4,7 +4,7 @@ Tags: cms, content management, tags, stats, statistics, formatting, pages, widgets, related posts, keyword searching, post, posts, page, pages, admin, related content Requires at least: 3.2 Tested up to: 3.3.1 -Stable tag: 5a2 +Stable tag: trunk A suite of tools used to help surface interesting and popular stories as well as improve WordPress' CMS capabilities as an application platform.
Current thread:
- CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS Henri Salo (Apr 16)
- Re: CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS Kurt Seifried (Apr 16)