| Title: Reflected XSS in wordpress plugin active-extra-fields v1.0.1 |
| Author: Larry W. Cashdollar, @_larry0 |
| Date: 2016-02-09 |
| Download Site: https://wordpress.org/plugins/active-extra-fields |
| Downloads: 1489 |
| Vendor Notified: 2016-02-09 |
| Export: Json |
| Vendor Contact: plugins@wordpress.org |
| Plugin Name: active-extra-fields |
| Vulnerability: There is a reflected XSS vulnerability in the following php code ./active-extra-fields/custom-fields-manager.class.php:
309: <!--<h4><a href="options-general.php?page=more-fields.php"><?php _e('Boxes', 'more-fields'); ?></a> > <a href="options-general.php?page=more-fields&action=edit_box&box=<?php echo urlencode($_GET['box']); ?>"><?php echo $_GET['box']; ?></a> > <?php echo $nav; ?></h4>-->
The variable box appears to send unsanitized data back to the users browser.
|
| CVE-ID: Not Released |
| File:./active-extra-fields/custom-fields-manager.class.php |
| Exploit Code: Exploit was derived from appearance of first vulnerable parameter in code, there could be more shown above.
|