Title: Reflected XSS in wordpress plugin spiffy-calendar v3.0.5 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2016-02-09 |
Download Site: https://wordpress.org/plugins/spiffy-calendar |
Downloads: 36699 |
Vendor Notified: 2016-02-09 |
Export: Json |
Vendor Contact: plugins@wordpress.org |
Plugin Name: spiffy-calendar |
Vulnerability: There is a reflected XSS vulnerability in the following php code ./spiffy-calendar/includes/admin/admin-settings-tab-categories.php:
48:<td><input type="text" name="category_name" class="input" size="30" maxlength="30" value="<?php echo $_POST['category_name']; ?>" /></td>
52:<td><input type="text" class="spiffy-color-field" name="category_colour" class="input" size="10" maxlength="7" value="<?php echo $_POST['category_colour']; ?>" />
The variable category_name appears to send unsanitized data back to the users browser via POST request.
|
CVE-ID: Not Released |
File:./spiffy-calendar/includes/admin/admin-settings-tab-categories.php |
Exploit Code: Exploit was derived from appearance of first vulnerable parameter in code, there could be more shown above.
|