WordPress Buddypress 1.9.1 Cross Site Scripting Vulnerability

2014-02-1500:00:00

Pietro Oliva

0day.today

EPSS

0.003

Percentile

68.2%

JSON

WordPress Buddypress plugin versions 1.9.1 and below suffer from a persistent cross site scripting vulnerability.

# Vulnerability: Wordpress plugin Buddypress <= 1.9.1 stored xss
# Date: 13/02/2014
# Author: Pietro Oliva
# Vendor Homepage: http://buddypress.org
# Software Link: http://downloads.wordpress.org/plugin/buddypress.1.9.1.zip
# Version: 1.9.1
# CVE : [CVE-2014-1888]
# Responsibly disclosed and patched in version 1.9.2

During the group creation process in Buddypress it's possible to
inject javascript code into the name field in the form at
http://example.com/groups/create/step/group-details/ as for instance:
name" onmouseover="alert('xss').

To test this vulnerability you have reproduce the following steps:

1) create a group named as follows: name" onmouseover="alert('xss')
2) visiting this
url:http://example.com/groups/create/step/group-details/ causes the
alert to show on mouse over the group name field

#  0day.today [2018-01-08]  #

EPSS

0.003

Percentile

68.2%

JSON

Related for 1337DAY-ID-21898