[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: CVE request: XSS and CSRF in WP Smiley plugin for WordPress
From:       cve-assign () mitre ! org
Date:       2015-05-31 12:23:15
Message-ID: 20150531122315.714A5B2E0A2 () smtpvbsrv1 ! mitre ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Product: WordPress plugin wp-smiley
> Plugin page: https://wordpress.org/plugins/wp-smiley/
> Vulnerable Versions: 1.4.1

Your message didn't mention the direct impact of an unauthorized
change to the s4w-more field.

We think you mean something like:

  The vulnerabilities are independent because:

  - if only the CSRF were fixed, then an editor could
    intentionally conduct an XSS attack against an Administrator

  - if only the XSS were fixed, then an attacker could trigger use of
    their own text for a "More" button within the plugin, e.g.,
    by replacing the default word "More" with the attacker-supplied
    word "0wned" - and this would be visible to all site visitors

In that case:

Vulnerability Type:
  CWE-79: Cross-site scripting          CVE-2015-4139
  CWE-352: Cross-Site Request Forgery   CVE-2015-4140

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVavy/AAoJEKllVAevmvmsWe8H/RslzPq3sXdq7b3XlwYNee4R
tUchh3Qbj6T8mmght34qr1l6uFoqgiZU54kYIoZ8nzwzMFqO/ZJzryQyQekOWcw3
kWWJMG/0u7rm6hrrwCFcqfqKAsSloKyDJPr1LVBNdMAKOaVsMa21GtgyUGKXihcc
Nz16spkjHzjnsdVsCHM/MhQYSip8/lw5ldwmKKgzVujnhXo1/fpW+iEIEjHejS77
2hvTWTaSg/xd+fPCV0trUhQuhAVl6R1dXelv/AXjqXDapZSqgXvoH/0r4/csGFtY
izDxqGR6cUgOR2Zyw2KBfHyc/IWmVSKP8SJf7JrkCud34ukcP0Qwde/BZbacATU=
=h122
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]