oss-sec mailing list archives

CVE Request for Wordpress-Plugin Broken Link Checker v1.10.8: Persistent XSS in admin panel enabled by modified headers

From: Responsive Disclosure | HSASec <disclosure () hsasec de>
Date: Wed, 24 Jun 2015 17:15:26 +0200

Greetings,

we discovered a vulnerability in the following component and want to
request a CVE for it:

Product-Type:     
Wordpress Plugin

Product:         
Broken Link Checker (https://wordpress.org/plugins/broken-link-checker/)

Version:         
up to 1.10.8

Vendor:         
Janis Elsts (http://w-shadow.com/)

Fixed:             
reported: 2015-04-05
fixed in version 1.10.9, 2015-06-19

Changelog:         
https://wordpress.org/plugins/broken-link-checker/changelog/

PoC available:     
yes (internal)

Description:
Persistent XSS in wordpress-admin-panel enabled by not proper sanitized
HTTP-Headers.
There are no special priviliges required to exploit this vulnerability.

Researchers:
* Michael Kapfer (Michael.Kapfer () hs-augsburg de)


Best regards,
 the HSASec-Team
 (https://www.hsasec.de)

Current thread:

CVE Request for Wordpress-Plugin Broken Link Checker v1.10.8: Persistent XSS in admin panel enabled by modified headers Responsive Disclosure | HSASec (Jun 24)
- Re: CVE Request for Wordpress-Plugin Broken Link Checker v1.10.8: Persistent XSS in admin panel enabled by modified headers cve-assign (Jun 24)