oss-sec mailing list archives
CVE-request: WordPress advanced-text-widget XSS advancedtext.php?page=
From: Henri Salo <henri () nerv fi>
Date: Sun, 18 Dec 2011 11:45:28 +0200
Can I get CVE-identifier for this issue?

Original report: http://seclists.org/bugtraq/2011/Nov/133
Vendor report: http://wordpress.org/support/topic/wordpress-advanced-text-widget-plugin-cross-site-scripting-vulnerabilities

Fixed in 2.0.2
Vulnerable versions: 2.0.1 and all below
One example: advancedtext.php?page=

http://wordpress.org/extend/plugins/advanced-text-widget/changelog/

------------------------------------------------------------------------
r466102 | maxchirkov | 2011-11-22 19:32:02 +0200 (Tue, 22 Nov 2011) | 2 lines

Committing version 2.0.2
- Updated all instances of $_GET method with esc_attr() to improve security.
------------------------------------------------------------------------

- Henri Salo