oss-sec mailing list archives
Re: CVE request: XSS and CSRF in WP Smiley plugin for WordPress
From: cve-assign () mitre org
Date: Sun, 31 May 2015 08:23:15 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Product: WordPress plugin wp-smiley Plugin page: https://wordpress.org/plugins/wp-smiley/ Vulnerable Versions: 1.4.1
Your message didn't mention the direct impact of an unauthorized change to the s4w-more field. We think you mean something like: The vulnerabilities are independent because: - if only the CSRF were fixed, then an editor could intentionally conduct an XSS attack against an Administrator - if only the XSS were fixed, then an attacker could trigger use of their own text for a "More" button within the plugin, e.g., by replacing the default word "More" with the attacker-supplied word "0wned" - and this would be visible to all site visitors In that case: Vulnerability Type: CWE-79: Cross-site scripting CVE-2015-4139 CWE-352: Cross-Site Request Forgery CVE-2015-4140 - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVavy/AAoJEKllVAevmvmsWe8H/RslzPq3sXdq7b3XlwYNee4R tUchh3Qbj6T8mmght34qr1l6uFoqgiZU54kYIoZ8nzwzMFqO/ZJzryQyQekOWcw3 kWWJMG/0u7rm6hrrwCFcqfqKAsSloKyDJPr1LVBNdMAKOaVsMa21GtgyUGKXihcc Nz16spkjHzjnsdVsCHM/MhQYSip8/lw5ldwmKKgzVujnhXo1/fpW+iEIEjHejS77 2hvTWTaSg/xd+fPCV0trUhQuhAVl6R1dXelv/AXjqXDapZSqgXvoH/0r4/csGFtY izDxqGR6cUgOR2Zyw2KBfHyc/IWmVSKP8SJf7JrkCud34ukcP0Qwde/BZbacATU= =h122 -----END PGP SIGNATURE-----
Current thread:
- CVE request: XSS and CSRF in WP Smiley plugin for WordPress Henri Salo (May 29)
- Re: CVE request: XSS and CSRF in WP Smiley plugin for WordPress cve-assign (May 31)