Title: Reflected XSS in WordPress plugin browser-blocker v0.5.6 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2016-02-09 |
Download Site: https://wordpress.org/plugins/browser-blocker |
Downloads: 8573 |
Vendor Notified: 2016-02-09 |
Vendor Contact: plugins@wordpress.org |
Plugin Name: browser-blocker |
Vulnerability: There is a reflected XSS vulnerability in the following PHP code in ./browser-blocker/browser_blocker.php:
591: <a href="?page=<?php echo $_GET["page"] ?>&whichP=simple"><div id="bb_simple" class="tab <?php if(!isset($_GET["whichP"]) || $_GET["whichP"] == "simple"){ echo "open"; }else{ echo "closed"; } ?>" >Simple Options</div></a><a href="?page=<?php echo $_GET["page"] ?>&whichP=advanced"><div id="bb_advanced" class="tab <?php if(isset($_GET["whichP"]) && $_GET["whichP"] == "advanced"){ echo "open"; }else{ echo "closed"; } ?>" >Advanced Options</div></a><div style="clear:both"></div>
The `page` GET parameter appears to be echoed back to the user's browser unsanitized.
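A hardened rendering of the tab markup quoted above, as an added example (not the plugin's or the vendor's code). The helper names `bb_tab_href` and `bb_render_tabs` and the sample input are hypothetical, and the code uses plain PHP so it runs outside WordPress.

```php
<?php
// Added example: hardened rendering of the tab links from browser_blocker.php line 591.
// Stand-alone PHP; inside WordPress, esc_attr() and sanitize_key() would normally be used.

/** Hypothetical helper: build the href for a tab, encoding the reflected value. */
function bb_tab_href(string $page, string $which): string
{
    // http_build_query() percent-encodes each value, so quotes and angle
    // brackets in $page cannot terminate the href attribute.
    $query = http_build_query(['page' => $page, 'whichP' => $which]);
    // htmlspecialchars() then encodes the "&" separator for the attribute context.
    return htmlspecialchars('?' . $query, ENT_QUOTES, 'UTF-8');
}

/** Hypothetical helper: render both tabs without echoing raw $_GET data. */
function bb_render_tabs(array $get): string
{
    // Reject non-string input such as page[]=x, which would otherwise reach echo.
    $page = isset($get['page']) && is_string($get['page']) ? $get['page'] : '';
    // Compare whichP against fixed values; anything else falls back to "simple".
    $which = (isset($get['whichP']) && $get['whichP'] === 'advanced') ? 'advanced' : 'simple';

    $tabs = ['simple' => 'Simple Options', 'advanced' => 'Advanced Options'];
    $html = '';
    foreach ($tabs as $id => $label) {
        $state = ($which === $id) ? 'open' : 'closed';
        $html .= sprintf(
            '<a href="%s"><div id="bb_%s" class="tab %s">%s</div></a>',
            bb_tab_href($page, $id), $id, $state, $label
        );
    }
    return $html . '<div style="clear:both"></div>';
}

// Constructed input: a page value carrying attribute-breaking characters.
$sample = ['page' => 'browser_blocker"><b>constructed</b>', 'whichP' => 'advanced'];
echo bb_render_tabs($sample), "\n";
```

With the constructed input, the quote and angle brackets arrive in the href as `%22`, `%3E` and `%3C`, so the value stays inside the attribute.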
|
CVE-ID: Not Released |
File: ./browser-blocker/browser_blocker.php |
Exploit Code: Exploit was derived from the appearance of the first vulnerable parameter in the code; there could be more in the code shown above.
|