[go: up one dir, main page]

oss-sec mailing list archives

CVE-request: WordPress advanced-text-widget XSS advancedtext.php?page=


From: Henri Salo <henri () nerv fi>
Date: Sun, 18 Dec 2011 11:45:28 +0200

Can I get CVE-identifier for this issue?

Original report: http://seclists.org/bugtraq/2011/Nov/133
Vendor report: 
http://wordpress.org/support/topic/wordpress-advanced-text-widget-plugin-cross-site-scripting-vulnerabilities
Fixed in 2.0.2
Vulnerable versions: 2.0.1 and all below
One example: advancedtext.php?page=

http://wordpress.org/extend/plugins/advanced-text-widget/changelog/
------------------------------------------------------------------------
r466102 | maxchirkov | 2011-11-22 19:32:02 +0200 (Tue, 22 Nov 2011) | 2 lines

Committing version 2.0.2
- Updated all instances of $_GET method with esc_attr() to improve security.
------------------------------------------------------------------------

- Henri Salo


Current thread: