Re: CVE request: XSS in search functionality for Geo Mashup Wordpress plugin

[cve-assign () mitre org]

> Citing the description, Geo Mashup is a plugin for Wordpress designed
> to let you
> save location information with posts, pages, and other WordPress objects.
> These information can then be presented on interactive maps in many ways.
>
> Plugin versions before 1.8.3 suffer from a cross site scripting
> vulnerability when displaying search results. The search key was not
> properly sanitized so an attacker can eventually inject arbitrary
> javascript code.
>
> Plugin author was contacted on December 16, and by January 11 the
> vulnerability was fixed and plugin version 1.8.3 was released (
> https://wordpress.org/plugins/geo-mashup/changelog/).
>
>
> Paolo
> --
> $ cd /pub
> $ more beer
>
> Il primo blog di application security italiano morbido fuori e croccante
> dentro: https://codiceinsicuro.it

Use CVE-2015-1383.

---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]