oss-sec mailing list archives

Request CVE ID for Simple Photo Gallery 1.8.0 - Stored XSS


From: Oliveira Lima <oliveiralimajr () gmail com>
Date: Wed, 11 May 2016 16:28:57 -0300

Request CVE ID for Simple Photo Gallery <= 1.8.0 - Stored Cross-Site
Scripting (XSS)

Description
***********************

The plugin allows the execution of malicious code via the name input of the
gallery and album.

Proof of Concept URL
***************************

http://www.rootlabs.com.br/xss-simple-photo-gallery/

Report Timeline
************************
26-April-2016 - Reported
27-April-2016 - Vendor Response
27-April-2016 - Vendor Fixed
28-April-2016 - Publicly disclosed

Vendor Reference
*****************
https://br.wordpress.org/plugins/simple-photo-gallery/changelog/

References
*****************

https://br.wordpress.org/plugins/simple-photo-gallery/changelog/
http://www.rootlabs.com.br/xss-simple-photo-gallery/
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

-- 
Oliveira Lima Jr
rootlabs.com.br
Linkedin <http://br.linkedin.com/pub/oliveira-lima-junior/2b/48/285/>
@oliveiralimajr <https://twitter.com/oliveiralimajr>
