Lucene search
SecurityvulnsSECURITYVULNS:DOC:30678HistoryMay 05, 2014 - 12:00 a.m.
Wordpress plugin Buddypress <= 1.9.1 stored xss vulnerability
2014-05-0500:00:00
vulners.com
16
Vulnerability: Wordpress plugin Buddypress <= 1.9.1 stored xss
Date: 13/02/2014
Author: Pietro Oliva
Vendor Homepage: http://buddypress.org
Software Link: http://downloads.wordpress.org/plugin/buddypress.1.9.1.zip
Version: 1.9.1
CVE : [CVE-2014-1888]
Responsibly disclosed and patched in version 1.9.2
During the group creation process in Buddypress it's possible to
inject javascript code into the name field in the form at
http://example.com/groups/create/step/group-details/ as for instance:
name" onmouseover="alert('xss').
To test this vulnerability you have reproduce the following steps:
1) create a group named as follows: name" onmouseover="alert('xss')
2) visiting this
url:http://example.com/groups/create/step/group-details/ causes the
alert to show on mouse over the group name field
-Pietro Oliva-
Related
packetstorm
packetstorm
WordPress Buddypress 1.9.1 Cross Site Scripting
2014-02-14 00:00:00
patchstack
patchstack
WordPress BuddyPress Plugin <= 1.9.1 - XSS
2014-02-07 00:00:00
wpvulndb
wpvulndb
Buddypress <= 1.9.1 - Stored Cross-Site Scripting (XSS)
2014-08-01 10:58:44
zdt
zdt
WordPress Buddypress 1.9.1 Cross Site Scripting Vulnerability
2014-02-15 00:00:00
seebug
seebug
Wordpress Buddypress插件'name'字段HTML注入漏洞
2014-02-18 00:00:00
prion
prion
Cross site scripting
2014-03-01 00:01:00
cve
cve
CVE-2014-1888
2014-03-01 00:01:00
securityvulns
securityvulns
Related for SECURITYVULNS:DOC:30678