Re: Wordpress Roomcloud plugin v1.1(rev @1115307) XSS vulnerability

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> http://seclists.org/fulldisclosure/2015/May/40
> https://plugins.trac.wordpress.org/changeset/1117499

> # Affected Versions: Tested on v1.1 (revision @1115307)
> # Fixed Version: v1.1 (revision @1117499)

(The https://wordpress.org/plugins/roomcloud/changelog/ page does not
currently list this issue. Note that a download labeled 1.1 could
potentially be either a vulnerable version or a fixed version.)

> Unsantized POST parameters are susceptible to XSS in the roomcloud.php file
> viz., (1)pin, (2)start_day, (3)start_month, (4)start_year, (5)end_day,
> (6)end_month, (7)end_year, (8)lang, (9)adults, (10)children

The implication seems to be that potential hotel guests, who obviously
do not have administrative access to the hotel web site, can make the
POST request. Use CVE-2015-3904.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVX30nAAoJEKllVAevmvms6Q8H/0pXtn2l5nEy3dTh1S3YH7xD
capTFDit0z8L4SzFR4BrJx0YEpEgOujsZdLRZkJzZbT3gw3Sgk3H3sELl82DHu3Q
oHx+K+Gg3MptO+yVinivPkWyKdGn63UxVKwCX58nU3JA7b3FHnxlyRiC/wihyxyx
KBu0RZ+3gW9+jiJTyLs00SJ/NTAG+HjivhBbMqUP+suOvExhlnNgF1EUeB5LftGF
LppAP17wYYKvy1m+upk+JdlmzBA4K7uxPpklkfSXdcQbOxN7GnNrBB31uzFrff88
6P8AMpwGJOscJ3VjTnI7XIyzyn2I9sWCd5y1FhIexyMse73rJt+aGjMQZGYKf/w=
=WA80
-----END PGP SIGNATURE-----