oss-sec mailing list archives
CVE Request for Wordpress-Plugin Broken Link Checker v1.10.8: Persistent XSS in admin panel enabled by modified headers
From: Responsive Disclosure | HSASec <disclosure () hsasec de>
Date: Wed, 24 Jun 2015 17:15:26 +0200
Greetings,

we discovered a vulnerability in the following component and want to request a CVE for it:

Product-Type: Wordpress Plugin
Product: Broken Link Checker (https://wordpress.org/plugins/broken-link-checker/)
Version: up to 1.10.8
Vendor: Janis Elsts (http://w-shadow.com/)
Reported: 2015-04-05
Fixed: in version 1.10.9, 2015-06-19
Changelog: https://wordpress.org/plugins/broken-link-checker/changelog/
PoC available: yes (internal)

Description:
Persistent XSS in the wordpress-admin-panel enabled by improperly sanitized HTTP headers. There are no special privileges required to exploit this vulnerability.

Researchers:
* Michael Kapfer (Michael.Kapfer () hs-augsburg de)

Best regards,
the HSASec-Team (https://www.hsasec.de)
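The advisory gives no code, so the following is an added illustration of the vulnerability class it describes, not code from Broken Link Checker or from HSASec: a link checker stores HTTP response headers returned by a server it fetched and later renders them in the admin panel. Whoever controls that server controls the header bytes, so rendering them unescaped is a stored XSS against any administrator who opens the page. The data structure, header names and header values are constructed for the example; which headers the real plugin stored and where they were displayed is not stated on this page. htmlspecialchars() stands in for WordPress's esc_html() so the file runs without WordPress.

```php
<?php
// Added example (not the plugin's code): stored response headers rendered
// into admin HTML, unescaped versus escaped. All data below is constructed.

// Simulated stored result of one link check. A remote server the plugin
// fetched chose every byte in 'headers'; it is attacker-controlled input
// that has been persisted and will be shown to an administrator later.
$stored_check_result = [
    'url'     => 'http://example.test/page',
    'status'  => 200,
    'headers' => [
        'content-type' => 'text/html; charset=utf-8',
        // constructed hostile value: markup inside a header value
        'server'       => 'nginx<script>alert(document.cookie)</script>',
    ],
];

// Vulnerable rendering: header name and value are concatenated straight
// into the HTML, so the <script> element above becomes live in wp-admin.
function render_headers_unsafe(array $result): string {
    $out = '<table class="widefat">';
    foreach ($result['headers'] as $name => $value) {
        $out .= "<tr><td>$name</td><td>$value</td></tr>";   // no escaping
    }
    return $out . '</table>';
}

// Escape at output time. A WordPress plugin would call esc_html() here;
// htmlspecialchars() is used so this file runs outside WordPress.
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Hardened rendering: every untrusted string (names as well as values,
// since both come from the remote server) is escaped before insertion.
function render_headers_safe(array $result): string {
    $out = '<table class="widefat">';
    foreach ($result['headers'] as $name => $value) {
        $out .= '<tr><td>' . esc((string)$name) . '</td><td>'
              . esc((string)$value) . '</td></tr>';
    }
    return $out . '</table>';
}

$unsafe = render_headers_unsafe($stored_check_result);
$safe   = render_headers_safe($stored_check_result);

// The unsafe output carries an executable <script> tag; the safe output
// carries only the escaped text &lt;script&gt;, which the browser displays.
assert(strpos($unsafe, '<script>') !== false);
assert(strpos($safe, '<script>') === false);
assert(strpos($safe, '&lt;script&gt;') !== false);

echo $unsafe, "\n\n", $safe, "\n";
```

The check that matters when reviewing a fix like the one in 1.10.9 is that escaping happens at the point of output for every field that originated from a fetched response, not only for the one header a proof of concept used; sanitizing on the way into the database is a weaker guarantee, because stored rows written by an older version are displayed unchanged.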