| Title: Reflected XSS in wordpress plugin anyvar v0.1.1 |
| Author: Larry W. Cashdollar, @_larry0 |
| Date: 2016-02-09 |
| Download Site: https://wordpress.org/plugins/anyvar |
| Downloads: 1664 |
| Vendor Notified: 2016-02-09 |
| Export: Json |
| Vendor Contact: plugins@wordpress.org |
| Plugin Name: anyvar |
| Vulnerability: There is a reflected XSS vulnerability in the following php code ./anyvar/anyvar.php:
174: <form id="anyvar-filter" action="?page=<?php echo $_GET['page'];?>" method="post">
233: <form name="addvar" id="addvar" method="post" action="?page=<?php echo $_GET['page'];?>" class="add:the-list: validate"><input type="hidden" name="action" value="<?php echo ($action == 'edit') ? 'edited' : 'add';?>" />
The variable page appears to send unsanitized data back to the users browser.
|
| CVE-ID: Not Released |
| File:./anyvar/anyvar.php |
| Exploit Code: Exploit was derived from appearance of first vulnerable parameter in code, there could be more shown above.
|