WordPress ‘All-in-One Event Calendar’ 插件多个跨站脚本漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1121042 漏洞类型 跨站脚本
发布时间 2012-04-11 更新时间 2012-04-11
CVE编号 CVE-2012-1835 CNNVD-ID CNNVD-201204-218
漏洞平台 PHP CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/37077
https://www.securityfocus.com/bid/52986
https://cxsecurity.com/issue/WLB-2012040111
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201204-218
|漏洞详情
WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress的All-in-OneEventCalendar插件中存在多个跨站脚本漏洞,这些漏洞源于对用户提供的输入未经正确过滤。攻击者可利用这些漏洞在受影响站点上下文的不知情用户浏览器上执行任意脚本代码,盗取基于cookie的认证证书进而发起其他攻击。All-in-OneEventCalendar1.4和1.5版本中存在这些漏洞,之前其他版本也可能受到影响。
|漏洞EXP
source: http://www.securityfocus.com/bid/52986/info
  
All-in-One Event Calendar plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
  
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
  
All-in-One Event Calendar 1.4 is vulnerable; other prior versions may also be affected. 

http://wp/wp-content/plugins/all-in-one-event-calendar/app/view/save_successful.php?msg=%3Cscript%3E alert%28document.cookie%29;%3C/script%3E
|受影响的产品
The Seed Studio All-in-One Event Calendar Plugin 1.4
|参考资料

来源:www.htbridge.com
链接:https://www.htbridge.com/advisory/HTB23082
来源:BID
名称:52986
链接:http://www.securityfocus.com/bid/52986
来源:BUGTRAQ
名称:20120411MultipleXSSvulnerabilitiesinAll-in-OneEventCalendarPluginforWordPress
链接:http://archives.neohapsis.com/archives/bugtraq/2012-04/0071.html