Vulners
Lucene search
W3 Total Cache 0.9.4 Cross Site Scripting
🗓️ 17 Dec 2014 00:00:00Reported by Tobias GlemserType 
packetstorm🔗 packetstormsecurity.com👁 52 Views
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | CVE-2014-8724 | 19 Dec 201415:00 | – | cve |
 | CVE-2014-8724 | 19 Dec 201415:00 | – | cvelist |
 | EUVD-2014-8556 | 7 Oct 202500:30 | – | euvd |
 | CVE-2014-8724 | 19 Dec 201415:59 | – | nvd |
 | WordPress W3 Total Cache < 0.9.4.1 XSS Vulnerability - Active Check | 23 Dec 201400:00 | – | openvas |
 | WordPress W3 Total Cache Plugin <= 0.9.4 - XSS | 10 Nov 201400:00 | – | patchstack |
 | Cross site scripting | 19 Dec 201415:59 | – | prion |
 | PT-2014-8691 · Frederick Townes · W3 Total Cache | 19 Dec 201400:00 | – | ptsecurity |
 | secuvera-SA-2014-01: Reflected XSS in W3 Total Cache | 22 Dec 201400:00 | – | securityvulns |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 22 Dec 201400:00 | – | securityvulns |
10
`secuvera-SA-2014-01: Reflected XSS in W3 Total Cache
Affected Products
W3 Total Cache 0.9.4 (older releases have not been tested)
"The only WordPress Performance Optimization (WPO) framework;
designed to improve user experience and page speed. (..)
W3 Total Cache improves the user experience of your site by
increasing server performance, reducing the download times
and providing transparent content delivery network (CDN)
integration."
References
https://wordpress.org/plugins/w3-total-cache/
https://www.secuvera.de/advisories/secuvera-SA-2014-01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8724
Summary:
If the option "Page cache debug info" is enabled, W3 Total
Cache adds some HTML-Comments including the "Cache key" which
is the URL itself. The URL is just reflected without any output
encoding.
Effect:
An attacker could include clientside Scriptcode in a request,
which will be reflected by the application. Using some social
engineering an attacker would be able to compromise users of
the application.
Vulnerable Scripts:
Debug Function
Examples:
https://$victim/nothing--<script>alert("XSS")</script>
Solution:
Install bug fix release. Always make sure to disable debug function
in productive environments.
Disclosure Timeline:
2014/09/17 vendor contacted via https://www.w3-edge.com/contact/
2014/10/07 vendor reacted including a first patch preview
2014/10/14 notified vendor the patch does not address the issue
2014/10/24 vendor sent a second patch preview
2014/12/10 vendor published 0.9.4.1 release
2014/12/16 public disclosure
Credits:
Tobias Glemser, secuvera GmbH
[email protected]
https://www.secuvera.de
Disclaimer:
All information is provided without warranty. The intent is to
provide information to secure infrastructure and/or systems, not
to be able to attack or damage. Therefore secuvera shall
not be liable for any direct or indirect damages that might be
caused by using this information.
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Dec 2014 00:00Current
6.5Medium risk
Vulners AI Score6.5
EPSS0.00347