oss-sec mailing list archives
Request CVE ID for Simple Photo Gallery 1.8.0 - Stored XSS
From: Oliveira Lima <oliveiralimajr () gmail com>
Date: Wed, 11 May 2016 16:28:57 -0300
request CVE ID for Simple Photo Gallery <= 1.8.0 - Stored Cross-Site Scripting (XSS)

Description
***********************
The plugin allows the execution of malicious code in the name input of the gallery and album.

Proof of Concept URL
***************************
http://www.rootlabs.com.br/xss-simple-photo-gallery/

Report Timeline
************************
26-April-2016 - Reported
27-April-2016 - Vendor Response
27-April-2016 - Vendor Fixed
28-April-2016 - Publicly disclosed

Vendor Reference
*****************
https://br.wordpress.org/plugins/simple-photo-gallery/changelog/

References
*****************
<https://br.wordpress.org/plugins/simple-photo-gallery/changelog/>
http://www.rootlabs.com.br/xss-simple-photo-gallery/
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

--
Oliveira Lima Jr
rootlabs.com.br
Linkedin <http://br.linkedin.com/pub/oliveira-lima-junior/2b/48/285/>
@oliveiralimajr <https://twitter.com/oliveiralimajr>