| Title: Reflected XSS in wordpress plugin myarcadeblog v5.1.0 |
| Author: Larry W. Cashdollar, @_larry0 |
| Date: 2016-02-09 |
| Download Site: https://wordpress.org/plugins/myarcadeblog |
| Downloads: 65007 |
| Vendor Notified: 2016-02-09 |
| Export: Json |
| Vendor Contact: plugins@wordpress.org |
| Plugin Name: myarcadeblog |
| Vulnerability: There is a reflected XSS vulnerability in the following php code ./myarcadeblog/core/myarcade_admin.php:
745: <span id="general_delmap_<?php echo $_POST['mapcat']; ?>_<?php echo $feedcategories[$i]['Slug']; ?>" class="remove_map">
746: <img style="flaot:left;top:4px;position:relative;" src="<?php echo MYARCADE_CORE_URL; ?>/images/remove.png" alt="UnMap" onclick="myabp_del_map('<?php echo $_POST['mapcat']; ?>', '<?php echo $feedcategories[$i]['Slug']; ?>', 'general')" /> <?php echo $cat_name; ?>
793: <span id="bigfish_delmap_<?php echo $_POST['mapcat']; ?>_<?php echo $bigfish['categories'][$i]['ID']; ?>" class="remove_map">
794: <img style="flaot:left;top:4px;position:relative;" src="<?php echo MYARCADE_CORE_URL; ?>/images/remove.png" alt="UnMap" onclick="myabp_del_map('<?php echo $_POST['mapcat']; ?>', '<?php echo $bigfish['categories'][$i]['ID']; ?>', 'bigfish')" /> <?php echo $cat_name; ?>
The variable mapcat appears to send unsanitized data back to the users browser via POST request.
|
| CVE-ID: Not Released |
| File:./myarcadeblog/core/myarcade_admin.php |
| Exploit Code: Exploit was derived from appearance of first vulnerable parameter in code, there could be more shown above.
|