oss-sec mailing list archives

CVE: Request

From: Puneeth Gowda <puneethis021 () gmail com>
Date: Wed, 29 Jan 2014 20:40:43 +0530

Kindly issue the CVE-ID.

I have reported cross site scripting(xss) in Nokia Maps & Places(v:1.6.6)
wordpress plugin.

Link: http://wordpress.org/plugins/nokia-mapsplaces/
Disclosed to plugins () wordpress org : 18/01/2014
Contacted author via twitter : No response
vulnerable link from wordpress svn :
http://plugins.svn.wordpress.org/nokia-mapsplaces/tags/1.6.6/page/place.html

Issue Fixed on : 20/01/2014
Reference for change log :
https://plugins.trac.wordpress.org/log/nokia-mapsplaces/

Regards
Puneeth Gowda
CEH | OSCP
puneethis021 () gmail com





---------- Forwarded message ----------
From: Puneeth Gowda <puneethis021 () gmail com>
Date: Sat, Jan 18, 2014 at 5:15 PM
Subject: Vulnerability in Nokia Maps & Places (Version:1.6.6)
To: plugins () wordpress org


Hi,

I would like to report cross site scripting(xss) in Nokia Maps &
Places(v:1.6.6) wordpress plugin.

Please find the attached document for POC.

Kindly let me know if you face any issues while reproducing POC.

Thanks
Puneeth Gowda

Attachment: XSS in Nokia Maps & Places plugin v 1.6.6.pdf
Description:

Current thread:

CVE: Request Puneeth Gowda (Jan 29)
- Re: CVE: Request cve-assign (Jan 29)