| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Mar 2016 10:23:08 +0200 From: Henri Salo <henri.salo@...u.com> To: <bugtraq@...urityfocus.com> Subject: WordPress plugin GravityForms Cross-site Scripting vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Product: WordPress plugin GravityForms Product URL: http://www.gravityforms.com/ Vendor: Rocketgenius Vulnerability Type: Reflected Cross-site Scripting (CWE-79) Vulnerable Versions: 1.9.15.11 (other versions not tested) Fixed Version: 1.9.16 Solution Status: Fixed by Vendor Vendor Notification: 2016-01-21 Solution date: 2016-02-03 Public Disclosure: 2016-03-01 Vulnerability details: - ---------------------- The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to users. Steps to reproduce: - ------------------- 1. Log in to WordPress administrator panel with "Administrator" role 2. Open URL below: http://example.org/wp-admin/admin.php?page=gf_settings&subview=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E%0A Solution: - --------- Upgrade to 1.9.16 version. References: - ----------- https://www.gravityhelp.com/gravity-forms-v1-9-16-released/ Notes: - ------ Please note that WordPress HTTP authentication cookie is using HttpOnly flag by default. Timeline: - --------- 2016-01-21: Issue reported to vendor 2016-01-21: Vendor confirms the issue 2016-02-03: Vendor publishes new release 2016-02-29: CVE request 2016-03-01: MITRE responds that CVE request is out-of-scope of CVE's published priorities 2016-03-01: Public advisory - -- Henri Salo Security Specialist, Nixu Oy Mobile: +358 40 770 5733 PL 39 FIN (Keilaranta 15) FIN-02151 Espoo, Finland -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJW1VFsAAoJEHu3+uinl6paKdQP/2219uKXJgBi18mQ+E8ljc6B DGg0XupoMKsr8yvK4wWK3Evrjce7mZgQv0YnFw8D9nG/QEBEckrGEhDxtBYQ1I3c wRS03xsA942o+4Jxs3Adc5iAGN8XY2NbMHGgq0HywZPB2jK1nvAVYrycoJ8ATWl5 srDMlvv9YJmakdw9nQtijFyyTIL0kU949VTJGq6yM7Ug6D46kx0Km5lFVqfRmQhj hRCq/F4PmnsGcgYOBzitKzoSeB+v+/Crw7Heghy/JQrS0TnuUXl82ZoJuFK9CNLj vPj292884DeYmsNON+4t+jTTbnFwgE/GWqXtXAblFITvVFSVczXCEzxyQvK+jaXQ LL6toYclrJ5qVU9y20SQyf0TUdWpLQGCNj0+AvXrtMv76uStLW1/Y4seaGG5y+fU tHc9W9Y2bVT7M52l2OWeVpqlDnb4z3tyMHx6jBEeeTnhC2Jf94HRKdzLZErfY882 OdkxhGYC7AmwqqWZbNSYdzVpb91+yI3EXUiMb9WclfVVCEWCu0GzFtg1bw0x5l3f n/0/UYVfxaN0JsmYWEduCkSCLRGKjOmy4NsFTJ8LflHMA7kl466ECsE21+hC2T7j VPg68YB4hLBbwswl5exWrauVHv5E5cTcb/YwPYfuD/WBiC9aMzaQkyDzHGmYqiyZ cngKk2P97PQs3pf3RuEE =Cs0K -----END PGP SIGNATURE-----
Powered by blists - more mailing lists