Title: Reflected XSS in WordPress plugin sms-ovh v0.1 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2016-02-09 |
Download Site: https://wordpress.org/plugins/sms-ovh |
Downloads: 416 |
Vendor Notified: 2016-02-09 |
Vendor Contact: plugins@wordpress.org |
Plugin Name: sms-ovh |
Vulnerability: There is a reflected XSS vulnerability in the following PHP code at line 34 of ./sms-ovh/sms-ovh-categorie.php:
<div id="message" class="error"><p>Vous devez confirmer la suppression de cette base de données et de son contenu : <a href="?page=<?php echo $_REQUEST['page']; ?>&smsovh_supp2=<?php echo $_GET['smsovh_supp']; ?>">CONFIRMEZ LA SUPPRESSION</a> ou <a href="?page=<?php echo $_REQUEST['page']; ?>">ANNULER</a></p></div>
The variable smsovh_supp appears to be sent back to the user's browser unsanitized.
|
CVE-ID: Not Released |
File: ./sms-ovh/sms-ovh-categorie.php |
Exploit Code: Exploit was derived from the appearance of the first vulnerable parameter in the code; there could be more, as shown above.
|
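A hardened form of the line quoted under "Vulnerability", as an added example that is not part of the plugin or of the original advisory: both `$_REQUEST['page']` and `$_GET['smsovh_supp']` are percent-encoded for the query string and then HTML-escaped for the `href` attribute. The function names and the sample input are constructed for illustration.

```php
<?php
// Added example: escaped rendering of the confirmation links from
// sms-ovh-categorie.php. Function names are hypothetical, not the plugin's.

// Build "?key=value&..." for use inside an href attribute.
// Step 1: percent-encode each value for the URL query context.
// Step 2: HTML-escape the finished URL for the attribute context.
function smsovh_href(array $params): string
{
    $query = http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    return htmlspecialchars('?' . $query, ENT_QUOTES, 'UTF-8');
}

// Render the confirmation message with both request values escaped.
function smsovh_confirm_links(array $request, array $get): string
{
    // Missing or non-string values (e.g. ?page[]=x) become empty strings.
    $page = isset($request['page']) && is_string($request['page']) ? $request['page'] : '';
    $supp = isset($get['smsovh_supp']) && is_string($get['smsovh_supp']) ? $get['smsovh_supp'] : '';

    $confirm = smsovh_href(['page' => $page, 'smsovh_supp2' => $supp]);
    $cancel  = smsovh_href(['page' => $page]);

    return '<div id="message" class="error"><p>Vous devez confirmer la suppression de cette base de données et de son contenu : '
        . '<a href="' . $confirm . '">CONFIRMEZ LA SUPPRESSION</a> ou '
        . '<a href="' . $cancel . '">ANNULER</a></p></div>';
}

// Constructed sample input: a value carrying HTML metacharacters.
$sample = ['page' => 'sms-ovh', 'smsovh_supp' => '3"><i>constructed</i>'];
$html = smsovh_confirm_links($sample, $sample);
echo $html, "\n";

// The markup characters from the sample must not survive into the output.
if (strpos($html, '<i>') !== false || strpos($html, '3"') !== false) {
    fwrite(STDERR, "escaping failed\n");
    exit(1);
}
```

Run from the PHP command line, the script prints the rendered markup with the sample value confined to the `smsovh_supp2` query parameter. Inside WordPress, `esc_url()` and `esc_attr()` are the output-escaping helpers for this context.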