WordPress GravityForms 1.9.15.11 Cross Site Scripting

2016.03.02
Credit: Henri Salo
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Product: WordPress plugin GravityForms
Product URL: http://www.gravityforms.com/
Vendor: Rocketgenius
Vulnerability Type: Reflected Cross-site Scripting (CWE-79)
Vulnerable Versions: 1.9.15.11 (other versions not tested)
Fixed Version: 1.9.16
Solution Status: Fixed by Vendor
Vendor Notification: 2016-01-21
Solution date: 2016-02-03
Public Disclosure: 2016-03-01

Vulnerability details:
----------------------
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to users.

Steps to reproduce:
-------------------
1. Log in to WordPress administrator panel with "Administrator" role
2. Open URL below:
http://example.org/wp-admin/admin.php?page=gf_settings&subview=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E%0A

Solution:
---------
Upgrade to 1.9.16 version.

References:
-----------
https://www.gravityhelp.com/gravity-forms-v1-9-16-released/

Notes:
------
Please note that WordPress HTTP authentication cookie is using HttpOnly flag by default.

Timeline:
---------
2016-01-21: Issue reported to vendor
2016-01-21: Vendor confirms the issue
2016-02-03: Vendor publishes new release
2016-02-29: CVE request
2016-03-01: MITRE responds that CVE request is out-of-scope of CVE's published priorities
2016-03-01: Public advisory

--
Henri Salo
Security Specialist, Nixu Oy
Mobile: +358 40 770 5733
PL 39 FIN (Keilaranta 15)
FIN-02151 Espoo, Finland
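
For sites that ran the vulnerable version, the following added example (not part of the original advisory or the vendor's code) scans web access logs for requests to the affected `gf_settings` page whose decoded `subview` value is anything other than a plain identifier. The log lines are constructed, and the allow-list of identifier characters is an assumption about what legitimate `subview` values look like.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); not real traffic.
# The first request uses the reproduction URL from the advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Mar/2016:10:00:00 +0000] "GET /wp-admin/admin.php'
    '?page=gf_settings&subview=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E%0A'
    ' HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Mar/2016:10:01:00 +0000] "GET /wp-admin/admin.php'
    '?page=gf_settings&subview=settings HTTP/1.1" 200 4800',
    '198.51.100.7 - - [01/Mar/2016:10:02:00 +0000] "GET /wp-admin/admin.php'
    '?page=gf_edit_forms HTTP/1.1" 200 9100',
    '192.0.2.44 - - [01/Mar/2016:10:03:00 +0000] "GET /wp-admin/admin.php'
    '?page=gf_settings&subview=settings%0A HTTP/1.1" 200 4800',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate subview value is a short identifier.
SAFE_SUBVIEW = re.compile(r"[A-Za-z0-9_-]*")


def suspicious_subview(log_line):
    """Return the decoded subview value if it is not a plain identifier, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith("/wp-admin/admin.php"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    if "gf_settings" not in params.get("page", []):
        return None
    for value in params.get("subview", []):
        # fullmatch, not match with "$": "$" would accept a trailing newline (%0A)
        if not SAFE_SUBVIEW.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (client_ip, decoded_subview) for every flagged request."""
    return [(line.split()[0], value) for line in lines
            if (value := suspicious_subview(line)) is not None]


if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client}: subview={value!r}")
```

A hit only shows that such a URL was requested; whether the script ran depends on the plugin version installed at the time and on the requester being logged in as an administrator.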

