Vulners
Lucene search
WordPress Plotly 1.0.2 Cross Site Scripting
| Reporter | Title | Published | Views | Family All 7 |
|---|---|---|---|---|
 | WordPress Plotly Plugin HTML Injection Vulnerability | 24 Jul 201500:00 | – | cnvd |
 | CVE-2015-5484 | 15 Jan 202015:31 | – | cve |
 | CVE-2015-5484 | 15 Jan 202015:31 | – | cvelist |
 | EUVD-2015-5439 | 7 Oct 202500:30 | – | euvd |
 | CVE-2015-5484 | 15 Jan 202016:15 | – | nvd |
 | Cross site scripting | 15 Jan 202016:15 | – | prion |
 | Plotly <= 1.0.2 - Authenticated Stored Cross-Site Scripting (XSS) | 13 Jul 201500:00 | – | wpvulndb |
`Details
================
Software: Plotly
Version: 1.0.2
Homepage: http://wordpress.org/plugins/wp-plotly/
Advisory report: https://security.dxw.com/advisories/stored-xss-in-plotly-allows-less-privileged-users-to-insert-arbitrary-javascript-into-posts/
CVE: CVE-2015-5484
CVSS: 6.5 (Medium; AV:N/AC:L/Au:S/C:P/I:P/A:P)
Description
================
Stored XSS in Plotly allows less privileged users to insert arbitrary JavaScript into posts
Vulnerability
================
This plugin allows users who do not have the unfiltered_html capability to insert JavaScript into posts/pages which gets executed by the browsers of other users.
On single sites, only Administrators have the unfiltered_html capability, and on multisite, only Super Admins have this capability. This means that e.g. malicious Admins on a multisite, or malicious Editors would be able to perform XSS attacks against other site users and visitors.
Proof of concept
================
Create a new post as a user (without the unfiltered_html capability)
Switch to text mode
Place this link on a line by itself: https://plot.ly/~a/’onerror=’alert(1)’>
View the post
Mitigations
================
Upgrade to version 1.0.3 or later.
N.B. If all accounts are trusted, or all accounts have the unfiltered_html capability, then there is no issue.
Disclosure policy
================
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: https://security.dxw.com/disclosure/
Please contact us on [email protected] to acknowledge this report if you received it via a third party (for example, [email protected]) as they generally cannot communicate with us on your behalf.
This vulnerability will be published if we do not receive a response to this report with 14 days.
Timeline
================
2015-06-04: Discovered
2015-07-09: Reported to vendor via the contact form on the Plotly Enterprise site
2015-07-09: Requested CVE
2015-07-10: Vendor responded and confirmed fixed in 1.0.3
2015-07-13: Published
Discovered by dxw:
================
Tom Adams
Please visit security.dxw.com for more information.
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Jul 2015 00:00Current
5.6Medium risk
Vulners AI Score5.6
EPSS0.00212