Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
WordPress plugin snazzy-archives XSS vulnerability
2013.03.11
Credit:
Henri Salo
Risk:
Low
Local:
No
Remote:
Yes
CVE:
CVE-2009-4168
CWE:
CWE-79
Ogólna skala CVSS:
4.3/10
Znaczenie:
2.9/10
Łatwość wykorzystania:
8.6/10
Wymagany dostęp:
Zdalny
Złożoność ataku:
Średnia
Autoryzacja:
Nie wymagana
Wpływ na poufność:
Brak
Wpływ na integralność:
Częściowy
Wpływ na dostępność:
Brak
Plugin URL: http://wordpress.org/extend/plugins/snazzy-archives/ Versions affected: 1.7.1 and below Reported to WordPress plugins team: 2013-02-03 Status: Plugin currently disabled by WordPress plugins team. Not fixed by plugin maintainer. PoC: wp-content/plugins/snazzy-archives/i/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href=%27javascript:alert%28%22oss-security%20is%20great!%22%29%27+style=%27font-size:+40pt%27%3Efree%20pr0n%3C/a%3E%3C/tags%3E faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/0.6.1/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/0.5.2/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.3/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/0.4/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.6.2/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.5.1/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.4.1/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.4/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/0.5.1/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.2.3/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.5.2/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.0/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.7.1/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.5/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.3.1/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.2.1/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.6.3/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/0.5/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.2/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.7.0/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.3.2/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.0.1/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/1.2.2/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/tags/0.6/i/tagcloud.swf faa1b18d043ab7653e0f79d44450b802d2b6627e ./snazzy-archives/trunk/i/tagcloud.swf -- Henri Salo
Referencje:
http://seclists.org/oss-sec/2013/q1/614
http://wordpress.org/extend/plugins/snazzy-archives/
See this note in RAW Version
Tweet
Vote for this issue:
0
0
50%
50%
Thanks for you vote!
Thanks for you comment!
Your message is in quarantine 48 hours.
Comment it here.
Nick (*)
Email (*)
Video
Text (*)
(*) -
required fields.
Cancel
Submit
{{ x.nick }}
|
Date:
{{ x.ux * 1000 | date:'yyyy-MM-dd' }}
{{ x.ux * 1000 | date:'HH:mm' }}
CET+1
{{ x.comment }}
Show all comments
Copyright
2024
, cxsecurity.com
Back to Top
Polish
English