[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: CVE request: XSS in search functionality for Geo Mashup Wordpress plugin
From:       cve-assign () mitre ! org
Date:       2015-01-27 22:41:41
Message-ID: Pine.LNX.4.64.1501271740530.11165 () beijing ! mitre ! org
[Download RAW message or body]


> Citing the description, Geo Mashup is a plugin for Wordpress designed
> to let you
> save location information with posts, pages, and other WordPress objects.
> These information can then be presented on interactive maps in many ways.
>
> Plugin versions before 1.8.3 suffer from a cross site scripting
> vulnerability when displaying search results. The search key was not
> properly sanitized so an attacker can eventually inject arbitrary
> javascript code.
>
> Plugin author was contacted on December 16, and by January 11 the
> vulnerability was fixed and plugin version 1.8.3 was released (
> https://wordpress.org/plugins/geo-mashup/changelog/).
>
>
> Paolo
> -- 
> $ cd /pub
> $ more beer
>
> Il primo blog di application security italiano morbido fuori e croccante
> dentro: https://codiceinsicuro.it

Use CVE-2015-1383.

---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
[prev in list] [next in list] [prev in thread] [next in thread]