oss-sec mailing list archives
Re: CVE Request: Commentator WordPress Plugin 2.5.2 XSS Vulnerability
From: Henri Salo <henri () nerv fi>
Date: Sat, 16 Jan 2016 13:45:44 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Jan 13, 2016 at 07:42:12PM +0530, Rahul Pratap Singh wrote:
I would request you to assign CVE id to this issue. file: commentator.php line:441 $provider_name = $_REQUEST["provider"]; line:544 <div id="commentator-social-signin" class="commentator-<?php echo $provider_name; ?>"> /wp-admin/admin-ajax.php?action=commentator_social_signin&provider=facebook">%20<IMG%20SRC=axc%20onerror=alert(1)> https://0x62626262.files.wordpress.com/2016/01/commentatorxsspoc.png http://codecanyon.net/item/commentator-wordpress-plugin/6425752 https://0x62626262.wordpress.com/2016/01/13/commentator-wordpress-plugin-xss-vulnerability Fix: Update to 2.5.3
Are you sure that this plugin is open source software? There is a plugin named "commentator" in the WordPress Plugin Directory[1,2], but it seems to be different codebase (might be older version) and last update is 2012-10-28. Item in codecanyon.net requires paid license. 1: http://plugins.svn.wordpress.org/commentator/trunk/ 2: http://plugins.svn.wordpress.org/commentator/trunk/readme.txt - -- Henri Salo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJWmi1oAAoJECet96ROqnV0W9MQAM7/GMMtvzWRATSgzTXJhcw3 HnNwxM37fwyUOxxkAiwI0Qhb5btrZ4mnIK1oOpHZ1d55le/6GBdvxG28lmN9KZBs 8iiv26hX1D/+tDyXWLtRaZUwC46Mx7geoNoH55dk+MWip1LdhIDjc7eqvB26GT04 nq8y5gPHUv6VEtS/rgLzW6VVrATVxCTOvHMEzvxgbkHmntDRIaVsDk+krQ8HnlUM U7x0REkQmvhM+lAascIaS0vYLz+Had1+Us4F+cA88FPpA2UGzXvRXOcoyYLGu5H+ 99RgnTP1x1Lk6/1E5NYfSnyNwsS8wFsxw8SlUEbRJaEqFJSYjhHq0ho+yVTC9ekx z2y0AfOZ/5xjsUZkJgJOwV9ovXVwhe1S55ChmgJRsQ20wc0w8qSgQVd+7+PEiMvb ZJxie5x0vsc9X8jQPPBrYCA9RfDIQnNeYcebdECZm/zg0IvGBTKqu2ZSht8ndymC W8yZop/BkXO9Ge1SLW2jpRkTJG6moH/k7b0X4Lim1GtaAi21hdUvgOZ8LLQnWk0G AphLO8mSauqyEU5sY2g3zHMVbIGzjuQ8Iw2So1WNLdoxss5lm75YEhCij0bpVXSb 7bCLrlvxPtbphuEA2Mb8R9jPQ7xI66EqjOu+yZfyUnfY27Co7sCUGUnkLGoxfhHU t0yWufUCj9ZCW7lfA01K =dsWg -----END PGP SIGNATURE-----
Current thread:
- CVE Request: Commentator WordPress Plugin 2.5.2 XSS Vulnerability Rahul Pratap Singh (Jan 13)
- Re: CVE Request: Commentator WordPress Plugin 2.5.2 XSS Vulnerability Henri Salo (Jan 16)