[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20160301082308.GC9215@nixu.com>
Date: Tue, 1 Mar 2016 10:23:08 +0200
From: Henri Salo <henri.salo@...u.com>
To: <bugtraq@...urityfocus.com>
Subject: WordPress plugin GravityForms Cross-site Scripting vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Product: WordPress plugin GravityForms
Product URL: http://www.gravityforms.com/
Vendor: Rocketgenius
Vulnerability Type: Reflected Cross-site Scripting (CWE-79)
Vulnerable Versions: 1.9.15.11 (other versions not tested)
Fixed Version: 1.9.16
Solution Status: Fixed by Vendor
Vendor Notification: 2016-01-21
Solution date: 2016-02-03
Public Disclosure: 2016-03-01
Vulnerability details:
- ----------------------
The software does not neutralize or incorrectly neutralizes user-controllable
input before it is placed in output that is used as a web page that is served to
users.
Steps to reproduce:
- -------------------
1. Log in to WordPress administrator panel with "Administrator" role
2. Open URL below:
http://example.org/wp-admin/admin.php?page=gf_settings&subview=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E%0A
Solution:
- ---------
Upgrade to 1.9.16 version.
References:
- -----------
https://www.gravityhelp.com/gravity-forms-v1-9-16-released/
Notes:
- ------
Please note that WordPress HTTP authentication cookie is using HttpOnly flag by
default.
Timeline:
- ---------
2016-01-21: Issue reported to vendor
2016-01-21: Vendor confirms the issue
2016-02-03: Vendor publishes new release
2016-02-29: CVE request
2016-03-01: MITRE responds that CVE request is out-of-scope of CVE's published priorities
2016-03-01: Public advisory
- --
Henri Salo
Security Specialist, Nixu Oy
Mobile: +358 40 770 5733
PL 39 FIN (Keilaranta 15)
FIN-02151 Espoo, Finland
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJW1VFsAAoJEHu3+uinl6paKdQP/2219uKXJgBi18mQ+E8ljc6B
DGg0XupoMKsr8yvK4wWK3Evrjce7mZgQv0YnFw8D9nG/QEBEckrGEhDxtBYQ1I3c
wRS03xsA942o+4Jxs3Adc5iAGN8XY2NbMHGgq0HywZPB2jK1nvAVYrycoJ8ATWl5
srDMlvv9YJmakdw9nQtijFyyTIL0kU949VTJGq6yM7Ug6D46kx0Km5lFVqfRmQhj
hRCq/F4PmnsGcgYOBzitKzoSeB+v+/Crw7Heghy/JQrS0TnuUXl82ZoJuFK9CNLj
vPj292884DeYmsNON+4t+jTTbnFwgE/GWqXtXAblFITvVFSVczXCEzxyQvK+jaXQ
LL6toYclrJ5qVU9y20SQyf0TUdWpLQGCNj0+AvXrtMv76uStLW1/Y4seaGG5y+fU
tHc9W9Y2bVT7M52l2OWeVpqlDnb4z3tyMHx6jBEeeTnhC2Jf94HRKdzLZErfY882
OdkxhGYC7AmwqqWZbNSYdzVpb91+yI3EXUiMb9WclfVVCEWCu0GzFtg1bw0x5l3f
n/0/UYVfxaN0JsmYWEduCkSCLRGKjOmy4NsFTJ8LflHMA7kl466ECsE21+hC2T7j
VPg68YB4hLBbwswl5exWrauVHv5E5cTcb/YwPYfuD/WBiC9aMzaQkyDzHGmYqiyZ
cngKk2P97PQs3pf3RuEE
=Cs0K
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists