Twenty Year Anniversary

WordPress GravityForms 1.9.15.11 Cross Site Scripting

WordPress GravityForms 1.9.15.11 Cross Site Scripting
Posted Mar 1, 2016
Authored by Henri Salo

WordPress GravityForms plugin version 1.9.15.11 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c142342ca683fa55e9fd70b3bcd9dbd0

WordPress GravityForms 1.9.15.11 Cross Site Scripting

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Product: WordPress plugin GravityForms
Product URL: http://www.gravityforms.com/
Vendor: Rocketgenius

Vulnerability Type: Reflected Cross-site Scripting (CWE-79)
Vulnerable Versions: 1.9.15.11 (other versions not tested)
Fixed Version: 1.9.16
Solution Status: Fixed by Vendor
Vendor Notification: 2016-01-21
Solution date: 2016-02-03
Public Disclosure: 2016-03-01

Vulnerability details:
- ----------------------

The software does not neutralize or incorrectly neutralizes user-controllable
input before it is placed in output that is used as a web page that is served to
users.

Steps to reproduce:
- -------------------

1. Log in to WordPress administrator panel with "Administrator" role
2. Open URL below:

http://example.org/wp-admin/admin.php?page=gf_settings&subview=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E%0A

Solution:
- ---------

Upgrade to 1.9.16 version.

References:
- -----------

https://www.gravityhelp.com/gravity-forms-v1-9-16-released/

Notes:
- ------

Please note that WordPress HTTP authentication cookie is using HttpOnly flag by
default.

Timeline:
- ---------

2016-01-21: Issue reported to vendor
2016-01-21: Vendor confirms the issue
2016-02-03: Vendor publishes new release
2016-02-29: CVE request
2016-03-01: MITRE responds that CVE request is out-of-scope of CVE's published priorities
2016-03-01: Public advisory

- --
Henri Salo
Security Specialist, Nixu Oy
Mobile: +358 40 770 5733
PL 39 FIN (Keilaranta 15)
FIN-02151 Espoo, Finland
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJW1VFsAAoJEHu3+uinl6paKdQP/2219uKXJgBi18mQ+E8ljc6B
DGg0XupoMKsr8yvK4wWK3Evrjce7mZgQv0YnFw8D9nG/QEBEckrGEhDxtBYQ1I3c
wRS03xsA942o+4Jxs3Adc5iAGN8XY2NbMHGgq0HywZPB2jK1nvAVYrycoJ8ATWl5
srDMlvv9YJmakdw9nQtijFyyTIL0kU949VTJGq6yM7Ug6D46kx0Km5lFVqfRmQhj
hRCq/F4PmnsGcgYOBzitKzoSeB+v+/Crw7Heghy/JQrS0TnuUXl82ZoJuFK9CNLj
vPj292884DeYmsNON+4t+jTTbnFwgE/GWqXtXAblFITvVFSVczXCEzxyQvK+jaXQ
LL6toYclrJ5qVU9y20SQyf0TUdWpLQGCNj0+AvXrtMv76uStLW1/Y4seaGG5y+fU
tHc9W9Y2bVT7M52l2OWeVpqlDnb4z3tyMHx6jBEeeTnhC2Jf94HRKdzLZErfY882
OdkxhGYC7AmwqqWZbNSYdzVpb91+yI3EXUiMb9WclfVVCEWCu0GzFtg1bw0x5l3f
n/0/UYVfxaN0JsmYWEduCkSCLRGKjOmy4NsFTJ8LflHMA7kl466ECsE21+hC2T7j
VPg68YB4hLBbwswl5exWrauVHv5E5cTcb/YwPYfuD/WBiC9aMzaQkyDzHGmYqiyZ
cngKk2P97PQs3pf3RuEE
=Cs0K
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    15 Files
  • 18
    Jul 18th
    15 Files
  • 19
    Jul 19th
    17 Files
  • 20
    Jul 20th
    11 Files
  • 21
    Jul 21st
    1 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close