Title: Reflected XSS in WordPress plugin anyvar v0.1.1 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2016-02-09 |
Download Site: https://wordpress.org/plugins/anyvar |
Downloads: 1664 |
Vendor Notified: 2016-02-09 |
Vendor Contact: plugins@wordpress.org |
Plugin Name: anyvar |
Vulnerability: There is a reflected XSS vulnerability in the following PHP code in ./anyvar/anyvar.php:
174: <form id="anyvar-filter" action="?page=<?php echo $_GET['page'];?>" method="post">
233: <form name="addvar" id="addvar" method="post" action="?page=<?php echo $_GET['page'];?>" class="add:the-list: validate"><input type="hidden" name="action" value="<?php echo ($action == 'edit') ? 'edited' : 'add';?>" />
The `page` variable appears to send unsanitized data back to the user's browser.
|
CVE-ID: Not Released |
File: ./anyvar/anyvar.php |
Exploit Code: The exploit was derived from the first appearance of a vulnerable parameter in the code; there could be more, shown above.
|
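Added example (not the plugin's code and not from the advisory author): the echo pattern quoted from lines 174 and 233 of anyvar.php beside an escaped form, runnable with the PHP CLI outside WordPress. The sample `page` values and the helper names are constructed for illustration, and `htmlspecialchars()` stands in for WordPress's `esc_attr()`.

```php
<?php
// Added example, not the plugin's code. Runs stand-alone: php example.php

// Pattern from anyvar.php lines 174 and 233: the raw query parameter is
// echoed inside a double-quoted HTML attribute.
function render_form_vulnerable(array $get): string {
    return '<form id="anyvar-filter" action="?page=' . $get['page'] . '" method="post">';
}

// Hardened form: accept only a string, reduce it to slug characters, then
// escape for attribute context. htmlspecialchars() is the stand-alone
// stand-in; inside WordPress, esc_attr() performs the escaping step.
function render_form_hardened(array $get): string {
    $page = (isset($get['page']) && is_string($get['page'])) ? $get['page'] : '';
    $page = (string) preg_replace('/[^A-Za-z0-9_-]/', '', $page);
    $page = htmlspecialchars($page, ENT_QUOTES, 'UTF-8');
    return '<form id="anyvar-filter" action="?page=' . $page . '" method="post">';
}

// True when the tag still has exactly the attributes the template wrote,
// i.e. nothing in the parameter closed the action="..." value early.
function attributes_intact(string $html): bool {
    return preg_match('/^<form id="anyvar-filter" action="\?page=[^"<>]*" method="post">$/', $html) === 1;
}

// Constructed sample requests. 'anyvar' as the admin page slug is an
// assumption; the second value only adds a harmless marker attribute.
$samples = [
    ['page' => 'anyvar'],
    ['page' => 'anyvar" data-injected="1'],
];

foreach ($samples as $get) {
    foreach (['render_form_vulnerable', 'render_form_hardened'] as $render) {
        $html = $render($get);
        printf("%-24s %-8s %s\n", $render, attributes_intact($html) ? 'intact' : 'BROKEN', $html);
    }
}
```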