oss-sec mailing list archives
Re: CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 16 Apr 2012 13:28:33 -0600
On 04/16/2012 01:58 AM, Henri Salo wrote:
> Hello,
>
> This issue is without 2011 CVE. Could we assign one, thanks?
>
> Original advisory: http://www.ihteam.net/advisory/bsuite-wordpress-permanent-xss/
> OSVDB: http://osvdb.org/74046
> Secunia: SA45234
> Discussion: http://wordpress.org/support/topic/plugin-bsuite-xss-security-vulnerability-in-407
>
> Fixed in SVN revision 520611.
Please use CVE-2011-4955 for this issue.
> - Henri Salo

svn diff -r520603:520611 Index: ui_stats.php ===================================================================
- --- ui_stats.php (revision 520603)
+++ ui_stats.php (revision 520611) @@ -243,7 +243,7 @@ if( count( $results ) ) foreach( $results as $res ) - echo '<li><a href="'. $res->name .'">'. wordwrap( urldecode( str_replace( get_settings( 'siteurl' ), '', $res->name )), 25, "\n", TRUE ) .'</a><br><small>Avg: '. number_format( $res->hit_avg ) .' Total: '. number_format( $res->hit_count ) ."</small></li>\n"; + echo '<li><a href="'. sanitize_url( $res->name ).'">'. wordwrap( htmlspecialchars( urldecode( str_replace( get_settings( 'siteurl' ), '', $res->name ))), 25, "\n", TRUE ) .'</a><br><small>Avg: '. number_format( $res->hit_avg ) .' Total: '. number_format( $res->hit_count ) ."</small></li>\n"; else echo '<li>No Data Yet.</li>'; @@ -276,7 +276,7 @@ if( count( $results ) ) foreach( $results as $res ){ if( 1 == $res->object_type ) - echo '<li><a href="'. $res->name .'">'. wordwrap( urldecode( str_replace( get_settings( 'siteurl' ), '', $res->name )), 25, "\n", TRUE ) .'</a><br><small>'. number_format( $res->hit_count ) .' hits since '. $res->date_min .'</small></li>'; + echo '<li><a href="'. sanitize_url( $res->name ) .'">'. wordwrap( htmlspecialchars( urldecode( str_replace( get_settings( 'siteurl' ), '', $res->name ))), 25, "\n", TRUE ) .'</a><br><small>'. number_format( $res->hit_count ) .' hits since '. $res->date_min .'</small></li>'; else echo '<li><a href="'. get_permalink( $res->object_id ) .'">'. wordwrap( get_the_title( $res->object_id ), 25, "\n", TRUE ) .'</a><br><small>'. number_format( $res->hit_count ) .' hits since '. $res->date_min .'</small></li>'; }else{ Index: bsuite.php ===================================================================
- --- bsuite.php (revision 520603)
+++ bsuite.php (revision 520611) @@ -3,7 +3,7 @@ Plugin Name: bSuite Plugin URI: http://maisonbisson.com/bsuite/ Description: Stats tracking, improved sharing, related posts, CMS features, and a kitchen sink. <a href="http://maisonbisson.com/bsuite/">Documentation here</a>. -Version: 5 alpha 2 +Version: 5 alpha 3 Author: Casey Bisson Author URI: http://maisonbisson.com/blog/ */ Index: readme.txt ===================================================================
- --- readme.txt (revision 520603)
+++ readme.txt (revision 520611) @@ -4,7 +4,7 @@ Tags: cms, content management, tags, stats, statistics, formatting, pages, widgets, related posts, keyword searching, post, posts, page, pages, admin, related content Requires at least: 3.2 Tested up to: 3.3.1 -Stable tag: 5a2 +Stable tag: trunk A suite of tools used to help surface interesting and popular stories as well as improve WordPress' CMS capabilities as an application platform.
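Review bot: in the first ui_stats.php hunk (@@ -243,7) the escaping and the wrapping are applied in the wrong order: `htmlspecialchars()` runs on the decoded name and only afterwards `wordwrap( ..., 25, "\n", TRUE )` forces a break every 25 characters, so a break can land inside an entity such as `&amp;` or `&lt;` and corrupt it in the rendered list. That is a display defect rather than a bypass, since the `<` is already encoded before the break is inserted, but it is avoided by wrapping first and escaping the wrapped result: `htmlspecialchars( wordwrap( urldecode( str_replace( get_settings( 'siteurl' ), '', $res->name )), 25, "\n", TRUE ) )`. Separately, `sanitize_url()` is the storage-side sanitizer; in the WordPress releases the readme declares support for (3.2 to 3.3.1) it is a deprecated alias of `esc_url_raw()` and emits a deprecation notice under WP_DEBUG. For a value echoed into an `href` attribute the output-side `esc_url()` is the appropriate call, as it also entity-encodes the result for attribute context.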
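Review bot: the second ui_stats.php hunk (@@ -276,7) rebuilds the same `<li>` markup as the first with the same escape-then-wrap ordering, so the same entity-splitting caveat applies there. Since the escaped, wrapped link for `$res->name` is now assembled identically at two call sites, a small helper that returns that `<a>` element would keep the two from drifting apart the next time the escaping is adjusted. The unchanged `else` branch in this hunk still echoes `get_permalink( $res->object_id )` into `href` and `get_the_title( $res->object_id )` into the link text without output escaping; that is outside the scope of this change but deserves a look in the same pass, with `esc_url()` and `esc_html()` respectively.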
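Review bot: `Stable tag: trunk` in the readme.txt hunk points the plugin directory at whatever is in trunk at any given moment rather than at a fixed revision, so this fix ships immediately, but so will every later unreleased commit. The bsuite.php hunk in the same commit still labels the build `5 alpha 3`, so a tagged release, with a changelog entry that names the stored XSS fix and CVE-2011-4955, would let users on 4.0.7 recognise the update as a security fix rather than an alpha bump.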
-- Kurt Seifried, Red Hat Security Response Team (SRT), PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993