| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Jan 2015 09:44:25 +0100 From: Paolo Perego <paolo@...oredcode.com> To: fulldisclosure@...lists.org Subject: [FD] Wordpress Geo Mashup plugin <= 1.8.2 XSS vulnerability Vulnerability title: Wordpress Geo Mashup plugin XSS Author: Paolo Perego CVE: CVE-2015-1383 Affected versions: <= 1.8.2 Fixed version: 1.8.3 (January, 11 2015) Product link: https://wordpress.org/plugins/geo-mashup/ Description Geo Mashup is a wordpress plugin designed to let you save location information with posts, pages, and other WordPress objects. These information can then be presented on interactive maps in many ways. Plugin versions before 1.8.3 suffer from a cross site scripting vulnerability when displaying search results. The search key was not properly sanitized so an attacker can eventually inject arbitrary javascript code. Fix People can use Wordpress backend provided functionalities to upgrade Wordpress Geo Mashup plugin to the latest version. Paolo -- $ cd /pub $ more beer _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists