List: full-disclosure
Subject: [FD] [CVE-2017-17753] Multiple Cross-Site Scripting (XSS) vulnerabilities in CSV Import-Export Wordp
From: <nicolas.buzy-debat () orange ! com>
Date: 2017-12-19 17:13:40
Message-ID: 29235_1513703621_5A3948C5_29235_371_1_6AB2D331DE4A31449464D20926760F7902D63997 () OPEXCLILM24 ! corporate ! adroot ! infra ! ftgroup
Product: CSV Import-Export Wordpress Plugin - https://wordpress.org/plugins/csv-import-export/
Vendor: eSparkBiz
Tested version: 1.1
CVE ID: CVE-2017-17753
** CVE description **
Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cie_type, (2) cie_import, (3) cie_update, or (4) cie_ignore parameter to includes/admin/views/esb-cie-import-export-page.php.
** Technical details **
In the conditional block at includes/admin/views/esb-cie-import-export-page.php:21, the cie_type, cie_import, cie_update and cie_ignore HTTP GET parameters are echoed back to the user without proper sanitization, so any markup supplied in them is rendered in the admin page.
Vulnerable code:
https://plugins.trac.wordpress.org/browser/csv-import-export/trunk/includes/admin/views/esb-cie-import-export-page.php#L21
** Proof of Concept **
http://<host>/wordpress/wp-admin/admin.php?page=esb-cie-import-export-page&cie_ignore=<script>alert(document.cookie);</script>
** Solution **
No fix available yet.
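Since no vendor fix is available, the practical control is to spot probes against this page in web-server logs. The following is an added example, not part of the advisory: it scans combined-format access log lines for requests to the vulnerable admin page whose cie_* parameters carry markup after URL decoding. The sample log lines are constructed, and the log format and pattern regexes are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Parameters the advisory names as reflected without sanitization.
VULN_PARAMS = ("cie_type", "cie_import", "cie_update", "cie_ignore")
VULN_PAGE = "esb-cie-import-export-page"

# Sequences that have no business in these parameters: anything that could
# open a tag or otherwise break out of the echoed context (assumed heuristic).
MARKUP_RE = re.compile(r"[<>]|javascript:|on\w+\s*=", re.IGNORECASE)

# Apache/Nginx combined log format: the request target sits in the quoted field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def suspicious_params(target: str) -> list[str]:
    """Return the advisory's parameter names whose decoded values carry markup."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin.php"):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)
    if VULN_PAGE not in query.get("page", []):
        return []
    hits = []
    for name in VULN_PARAMS:
        for value in query.get(name, []):
            # parse_qs already decoded once; a second decode catches
            # double-encoded payloads aimed at naive single-pass filters.
            if MARKUP_RE.search(unquote(value)):
                hits.append(name)
                break
    return hits

def scan_log(lines):
    """Yield (ip, timestamp, hit parameter names) for CVE-2017-17753-style probes."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            hits = suspicious_params(m["target"])
            if hits:
                yield m["ip"], m["ts"], hits

# Constructed sample lines (not real traffic): benign, PoC-style, and double-encoded.
SAMPLE_LOG = [
    '203.0.113.5 - - [19/Dec/2017:17:13:40 +0000] "GET /wordpress/wp-admin/admin.php?page=esb-cie-import-export-page&cie_type=post HTTP/1.1" 200 5120',
    '203.0.113.7 - - [19/Dec/2017:17:14:02 +0000] "GET /wordpress/wp-admin/admin.php?page=esb-cie-import-export-page&cie_ignore=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 5211',
    '203.0.113.9 - - [19/Dec/2017:17:15:11 +0000] "GET /wordpress/wp-admin/admin.php?page=esb-cie-import-export-page&cie_update=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 5190',
]

if __name__ == "__main__":
    for ip, ts, params in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} reflected-XSS probe via {', '.join(params)}")
```

A hit from an authenticated administrator's own IP still matters: the vulnerable page is in wp-admin, so a successful attack is a logged-in user following a crafted link.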
** Timeline **
12/10/2017: vendor contacted; no reply
24/10/2017: vendor contacted; no reply
31/10/2017: vendor contacted; vendor asks for more details then stops replying
05/12/2017: vendor contacted; no reply
19/12/2017: report published
** Credits **
Vulnerability discovered by Nicolas Buzy-Debat working at Orange Cyberdefense Singapore (CERT-LEXSI).
--
Best Regards,
Nicolas Buzy-Debat
Orange Cyberdefense Singapore (CERT-LEXSI)
This message and its attachments may contain confidential or privileged information that may be \
protected by law; they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and \
its attachments. As emails may be altered, Orange is not liable for messages that have been \
modified, changed or falsified. Thank you.
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/