Product URL: http://www.gravityforms.com/
Vendor: Rocketgenius
Vulnerability Type: Reflected Cross-site Scripting (CWE-79)
Vulnerable Versions: 1.9.15.11 (other versions not tested)
Fixed Version: 1.9.16
Solution Status: Fixed by Vendor
Vendor Notification: 2016-01-21
Solution date: 2016-02-03
Public Disclosure: 2016-03-01
Vulnerability details:
----------------------
The software does not neutralize or incorrectly neutralizes user-controllable
input before it is placed in output that is used as a web page that is served to
users.
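The flaw class described above (reflected input written into a WordPress admin page without output encoding), shown as an added example that is not Gravity Forms code; the plugin slug and the `msg`/`view` parameter names are hypothetical:

```php
<?php
// Added illustration of CWE-79 in a WordPress admin screen. Not the vendor's code;
// the plugin slug ("example-plugin") and the $_GET['msg'] / $_GET['view'] parameters
// are hypothetical stand-ins for the reflected parameter of the advisory.

// VULNERABLE PATTERN: the query parameter is echoed verbatim into the admin page.
// Whoever can get an administrator to open a crafted ?page=example-plugin&msg=... URL
// runs script in that administrator's browser session.
function example_plugin_notice_vulnerable() {
    if ( isset( $_GET['msg'] ) ) {
        echo '<div class="notice"><p>' . $_GET['msg'] . '</p></div>';
    }
}

// HARDENED PATTERN: normalise the input, then escape for the exact output context.
// WordPress adds slashes to request data, hence wp_unslash() before sanitising.
// esc_html() for element text, esc_attr() for attribute values, esc_url() for href/src.
function example_plugin_notice_hardened() {
    if ( isset( $_GET['msg'] ) ) {
        $msg = sanitize_text_field( wp_unslash( $_GET['msg'] ) );
        echo '<div class="notice"><p>' . esc_html( $msg ) . '</p></div>';
    }
    if ( isset( $_GET['view'] ) ) {
        // sanitize_key() restricts to [a-z0-9_-], a suitable whitelist for a view selector.
        $view = sanitize_key( wp_unslash( $_GET['view'] ) );
        echo '<input type="hidden" name="view" value="' . esc_attr( $view ) . '">';
        // When the value is reflected into a link, escape for the URL context instead.
        $self = add_query_arg( 'view', $view, admin_url( 'admin.php?page=example-plugin' ) );
        echo '<a href="' . esc_url( $self ) . '">' . esc_html( $view ) . '</a>';
    }
}
```

The HttpOnly flag noted later in this advisory limits what reflected script can read from `document.cookie`, but it does not stop script from issuing authenticated requests in the victim's session, so output escaping remains the actual fix.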
Steps to reproduce:
-------------------
1. Log in to the WordPress administrator panel with the "Administrator" role
2. Open the URL below:
http://example.org/wp-admin/
Solution:
---------
Upgrade to version 1.9.16.
References:
-----------
https://www.gravityhelp.com/
Notes:
------
Please note that the WordPress HTTP authentication cookie uses the HttpOnly flag by
default.
Timeline:
---------
2016-01-21: Issue reported to vendor
2016-01-21: Vendor confirms the issue
2016-02-03: Vendor publishes new release
2016-02-29: CVE request
2016-03-01: MITRE responds that the CVE request is out of scope of CVE's published priorities
2016-03-01: Public advisory
--
Henri Salo
Security Specialist, Nixu Oy
Mobile: +358 40 770 5733
PL 39 FIN (Keilaranta 15)
FIN-02151 Espoo, Finland