Message-ID: <CAGDGa53U+Nq3nZv-u7azf--UuHdex0PmXB6tmaRct81scV5y7Q@mail.gmail.com>
Date: Wed, 11 May 2016 16:28:57 -0300
From: Oliveira Lima <oliveiralimajr@...il.com>
To: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Request CVE ID for Simple Photo Gallery 1.8.0 - Stored XSS

Request CVE ID for Simple Photo Gallery <= 1.8.0 - Stored Cross-Site
Scripting (XSS)

Description
***********************

The plugin allows the execution of malicious code in the name input of the
gallery and album.

Proof of Concept URL
***************************

http://www.rootlabs.com.br/xss-simple-photo-gallery/

Report Timeline
************************
26-April-2016 - Reported
27-April-2016 - Vendor Response
27-April-2016 - Vendor Fixed
28-April-2016 - Publicly disclosed

Vendor Reference
*****************
https://br.wordpress.org/plugins/simple-photo-gallery/changelog/

References
*****************

<https://br.wordpress.org/plugins/simple-photo-gallery/changelog/>
http://www.rootlabs.com.br/xss-simple-photo-gallery/
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

-- 
Oliveira Lima Jr
rootlabs.com.br
Linkedin <http://br.linkedin.com/pub/oliveira-lima-junior/2b/48/285/>
@oliveiralimajr <https://twitter.com/oliveiralimajr>
