WordPress GravityForms 1.9.15.11 Cross Site Scripting

WordPress GravityForms 1.9.15.11 Cross Site Scripting: Posted Mar 1, 2016; Authored by Henri Salo; WordPress GravityForms plugin version 1.9.15.11 suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | b9b98a35deb580cb3991e6926dcdef9f356de1a842e73426ecff9e3790bac492; Download | Favorite | View

WordPress GravityForms 1.9.15.11 Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Product: WordPress plugin GravityForms
Product URL: http://www.gravityforms.com/
Vendor: Rocketgenius

Vulnerability Type: Reflected Cross-site Scripting (CWE-79)
Vulnerable Versions: 1.9.15.11 (other versions not tested)
Fixed Version: 1.9.16
Solution Status: Fixed by Vendor
Vendor Notification: 2016-01-21
Solution date: 2016-02-03
Public Disclosure: 2016-03-01

Vulnerability details:
- ----------------------

The software does not neutralize or incorrectly neutralizes user-controllable
input before it is placed in output that is used as a web page that is served to
users.

Steps to reproduce:
- -------------------

1. Log in to WordPress administrator panel with "Administrator" role
2. Open URL below:

http://example.org/wp-admin/admin.php?page=gf_settings&subview=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E%0A

Solution:
- ---------

Upgrade to 1.9.16 version.

References:
- -----------

https://www.gravityhelp.com/gravity-forms-v1-9-16-released/

Notes:
- ------

Please note that WordPress HTTP authentication cookie is using HttpOnly flag by
default.

Timeline:
- ---------

2016-01-21: Issue reported to vendor
2016-01-21: Vendor confirms the issue
2016-02-03: Vendor publishes new release
2016-02-29: CVE request
2016-03-01: MITRE responds that CVE request is out-of-scope of CVE's published priorities
2016-03-01: Public advisory

- -- 
Henri Salo
Security Specialist, Nixu Oy
Mobile: +358 40 770 5733
PL 39 FIN (Keilaranta 15)
FIN-02151 Espoo, Finland
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJW1VFsAAoJEHu3+uinl6paKdQP/2219uKXJgBi18mQ+E8ljc6B
DGg0XupoMKsr8yvK4wWK3Evrjce7mZgQv0YnFw8D9nG/QEBEckrGEhDxtBYQ1I3c
wRS03xsA942o+4Jxs3Adc5iAGN8XY2NbMHGgq0HywZPB2jK1nvAVYrycoJ8ATWl5
srDMlvv9YJmakdw9nQtijFyyTIL0kU949VTJGq6yM7Ug6D46kx0Km5lFVqfRmQhj
hRCq/F4PmnsGcgYOBzitKzoSeB+v+/Crw7Heghy/JQrS0TnuUXl82ZoJuFK9CNLj
vPj292884DeYmsNON+4t+jTTbnFwgE/GWqXtXAblFITvVFSVczXCEzxyQvK+jaXQ
LL6toYclrJ5qVU9y20SQyf0TUdWpLQGCNj0+AvXrtMv76uStLW1/Y4seaGG5y+fU
tHc9W9Y2bVT7M52l2OWeVpqlDnb4z3tyMHx6jBEeeTnhC2Jf94HRKdzLZErfY882
OdkxhGYC7AmwqqWZbNSYdzVpb91+yI3EXUiMb9WclfVVCEWCu0GzFtg1bw0x5l3f
n/0/UYVfxaN0JsmYWEduCkSCLRGKjOmy4NsFTJ8LflHMA7kl466ECsE21+hC2T7j
VPg68YB4hLBbwswl5exWrauVHv5E5cTcb/YwPYfuD/WBiC9aMzaQkyDzHGmYqiyZ
cngKk2P97PQs3pf3RuEE
=Cs0K
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

WordPress GravityForms 1.9.15.11 Cross Site Scripting

WordPress GravityForms 1.9.15.11 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

WordPress GravityForms 1.9.15.11 Cross Site Scripting

Share This

WordPress GravityForms 1.9.15.11 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems