Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormTobias GlemserPACKETSTORM:129626
HistoryDec 17, 2014 - 12:00 a.m.

W3 Total Cache 0.9.4 Cross Site Scripting

2014-12-1700:00:00
Tobias Glemser
packetstormsecurity.com
38

0.002 Low

EPSS

Percentile

62.5%

JSON
`secuvera-SA-2014-01: Reflected XSS in W3 Total Cache  
  
Affected Products  
W3 Total Cache 0.9.4 (older releases have not been tested)  
  
"The only WordPress Performance Optimization (WPO) framework;   
designed to improve user experience and page speed. (..)  
W3 Total Cache improves the user experience of your site by   
increasing server performance, reducing the download times   
and providing transparent content delivery network (CDN)   
integration."  
  
References  
https://wordpress.org/plugins/w3-total-cache/  
https://www.secuvera.de/advisories/secuvera-SA-2014-01.txt  
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8724  
  
Summary:  
If the option "Page cache debug info" is enabled, W3 Total   
Cache adds some HTML-Comments including the "Cache key" which   
is the URL itself. The URL is just reflected without any output   
encoding.  
  
Effect:  
An attacker could include clientside Scriptcode in a request,   
which will be reflected by the application. Using some social   
engineering an attacker would be able to compromise users of   
the application.  
  
Vulnerable Scripts:  
Debug Function  
  
Examples:  
https://$victim/nothing--<script>alert("XSS")</script>  
  
Solution:  
Install bug fix release. Always make sure to disable debug function   
in productive environments.  
  
Disclosure Timeline:  
2014/09/17 vendor contacted via https://www.w3-edge.com/contact/  
2014/10/07 vendor reacted including a first patch preview  
2014/10/14 notified vendor the patch does not address the issue  
2014/10/24 vendor sent a second patch preview   
2014/12/10 vendor published 0.9.4.1 release  
2014/12/16 public disclosure  
  
Credits:  
Tobias Glemser, secuvera GmbH  
[email protected]  
https://www.secuvera.de  
  
Disclaimer:  
All information is provided without warranty. The intent is to   
provide information to secure infrastructure and/or systems, not  
to be able to attack or damage. Therefore secuvera shall   
not be liable for any direct or indirect damages that might be   
caused by using this information.  
`

Related

nessus 1
cve 1
wpvulndb 1
securityvulns 2
patchstack 1
prion 1
openvas 1
nessus
nessus
W3 Total Cache Plugin For WordPress Cache Key XSS
2015-01-15 00:00:00
cve
cve
CVE-2014-8724
2014-12-19 15:59:00
wpvulndb
wpvulndb
W3 Total Cache <= 0.9.4 - Debug Mode XSS
2014-12-12 09:20:23
securityvulns
securityvulns
secuvera-SA-2014-01: Reflected XSS in W3 Total Cache
2014-12-22 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-12-22 00:00:00
patchstack
patchstack
WordPress W3 Total Cache Plugin <= 0.9.4 - XSS
2014-11-10 00:00:00
prion
prion
Cross site scripting
2014-12-19 15:59:00
openvas
openvas
WordPress W3 Total Cache < 0.9.4.1 XSS Vulnerability - Active Check
2014-12-23 00:00:00

0.002 Low

EPSS

Percentile

62.5%

JSON
Related for PACKETSTORM:129626
nessus1cve1wpvulndb1securityvulns2patchstack1prion1openvas1