閱讀文章 - 看板 Bugtraq - 批踢踢實業坊

發信人pietroliva@gmail.com (Pietro Oliva),

看板Bugtraq

標題Wordpress plugin Buddypress <= 1.9.1 stored xss vulnerability

發信站NCTU CS FreeBSD Server (Thu Feb 13 16:08:13 2014)

轉信站ptt!csnews.cs.nctu!news.cednctu!FreeBSD.cs.nctu!.POSTED!securityfocus.

# Vulnerability: Wordpress plugin Buddypress <=3D 1.9.1 stored xss # Date: 13/02/2014 # Author: Pietro Oliva # Vendor Homepage:=C2=A0http://buddypress.org # Software Link:=C2=A0http://downloads.wordpress.org/plugin/buddypress.1.9.= 1.zip # Version: 1.9.1 # CVE : [CVE-2014-1888] # Responsibly disclosed and patched in version 1.9.2 During the group creation process in Buddypress it's possible to inject javascript code into the name field in the form at http://example.com/groups/create/step/group-details/=C2=A0as for instance: name" onmouseover=3D"alert('xss'). To test this vulnerability you have reproduce the following steps: 1) create a group named as follows: name" onmouseover=3D"alert('xss') 2) visiting this url:http://example.com/groups/create/step/group-details/=C2=A0causes the alert to show on mouse over the group name field -Pietro Oliva-