Twenty Year Anniversary

WordPress GravityForms 1.9.15.11 Cross Site Scripting

WordPress GravityForms 1.9.15.11 Cross Site Scripting
Posted Mar 1, 2016
Authored by Henri Salo

WordPress GravityForms plugin version 1.9.15.11 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c142342ca683fa55e9fd70b3bcd9dbd0

WordPress GravityForms 1.9.15.11 Cross Site Scripting

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Product: WordPress plugin GravityForms
Product URL: http://www.gravityforms.com/
Vendor: Rocketgenius

Vulnerability Type: Reflected Cross-site Scripting (CWE-79)
Vulnerable Versions: 1.9.15.11 (other versions not tested)
Fixed Version: 1.9.16
Solution Status: Fixed by Vendor
Vendor Notification: 2016-01-21
Solution date: 2016-02-03
Public Disclosure: 2016-03-01

Vulnerability details:
- ----------------------

The software does not neutralize or incorrectly neutralizes user-controllable
input before it is placed in output that is used as a web page that is served to
users.

Steps to reproduce:
- -------------------

1. Log in to WordPress administrator panel with "Administrator" role
2. Open URL below:

http://example.org/wp-admin/admin.php?page=gf_settings&subview=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E%0A

Solution:
- ---------

Upgrade to 1.9.16 version.

References:
- -----------

https://www.gravityhelp.com/gravity-forms-v1-9-16-released/

Notes:
- ------

Please note that WordPress HTTP authentication cookie is using HttpOnly flag by
default.

Timeline:
- ---------

2016-01-21: Issue reported to vendor
2016-01-21: Vendor confirms the issue
2016-02-03: Vendor publishes new release
2016-02-29: CVE request
2016-03-01: MITRE responds that CVE request is out-of-scope of CVE's published priorities
2016-03-01: Public advisory

- --
Henri Salo
Security Specialist, Nixu Oy
Mobile: +358 40 770 5733
PL 39 FIN (Keilaranta 15)
FIN-02151 Espoo, Finland
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJW1VFsAAoJEHu3+uinl6paKdQP/2219uKXJgBi18mQ+E8ljc6B
DGg0XupoMKsr8yvK4wWK3Evrjce7mZgQv0YnFw8D9nG/QEBEckrGEhDxtBYQ1I3c
wRS03xsA942o+4Jxs3Adc5iAGN8XY2NbMHGgq0HywZPB2jK1nvAVYrycoJ8ATWl5
srDMlvv9YJmakdw9nQtijFyyTIL0kU949VTJGq6yM7Ug6D46kx0Km5lFVqfRmQhj
hRCq/F4PmnsGcgYOBzitKzoSeB+v+/Crw7Heghy/JQrS0TnuUXl82ZoJuFK9CNLj
vPj292884DeYmsNON+4t+jTTbnFwgE/GWqXtXAblFITvVFSVczXCEzxyQvK+jaXQ
LL6toYclrJ5qVU9y20SQyf0TUdWpLQGCNj0+AvXrtMv76uStLW1/Y4seaGG5y+fU
tHc9W9Y2bVT7M52l2OWeVpqlDnb4z3tyMHx6jBEeeTnhC2Jf94HRKdzLZErfY882
OdkxhGYC7AmwqqWZbNSYdzVpb91+yI3EXUiMb9WclfVVCEWCu0GzFtg1bw0x5l3f
n/0/UYVfxaN0JsmYWEduCkSCLRGKjOmy4NsFTJ8LflHMA7kl466ECsE21+hC2T7j
VPg68YB4hLBbwswl5exWrauVHv5E5cTcb/YwPYfuD/WBiC9aMzaQkyDzHGmYqiyZ
cngKk2P97PQs3pf3RuEE
=Cs0K
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    11 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close