Closed
Bug 778316
Opened 12 years ago
Closed 12 years ago
Fix XSS Before Installing Backend Localization Plugin
Categories
(Websites Graveyard :: blog.mozilla.org, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: mfuller, Unassigned)
References
Details
(Keywords: wsec-xss)
The Backend Localization plugin allows an admin WP area to be in a different language than the rest of the site. We need this plugin to allow English speakers to admin blogs in other countries.

During the security review of the plugin, XSS was found because the "kau-boys_backend_localization_language" parameter is not sanitized. The provided variable (such as en-US, de, etc.) is used within the comments of each page. Using ">--><script>alert(1);</script> as the payload causes the comment to be ended and the script to execute.

http://site.com/wp-admin/upload.php?kau-boys_backend_localization_language=%22%3E--%3E%3Cscript%3Ealert%281%29;%3C/script%3E

Because of the way the language file is saved, this XSS is further reflected on every admin page visited. Before the plugin can be installed, we need to fix this. I will attempt to contact the developer, but a dev here could fix it if possible by simply escaping the parameter.
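The following is an added illustration, not code from the plugin or from the bug reporter. It models the pattern the report describes (a request parameter written into an HTML comment) and the two fixes a practitioner would want: output escaping, which is what the report suggests, and validating the locale before it is saved, which matters here because the stored value is echoed on every admin page. Function names, the comment format and the locale regex are assumptions; `htmlspecialchars()` stands in for WordPress's `esc_html()`/`esc_attr()` so the script runs without WordPress.

```php
<?php
// Added example (hypothetical names); not the plugin's own code.
declare(strict_types=1);

// Vulnerable pattern: the raw request value is concatenated into a comment.
// With the payload '">--><script>alert(1);</script>' the '-->' ends the
// comment and the <script> tag is parsed as markup.
function render_language_comment_vulnerable(string $lang): string
{
    return "<!-- kau-boys_backend_localization_language: $lang -->\n";
}

// Fix 1: escape for HTML output. Encoding '<', '>', '&' and quotes removes
// the literal '>' needed to close a comment ('-->' or '--!>') and the '<'
// needed to open a tag. Browsers do not decode entities inside comments, so
// the text stays inert. WordPress equivalents: esc_html() / esc_attr().
function render_language_comment_escaped(string $lang): string
{
    $safe = htmlspecialchars($lang, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<!-- kau-boys_backend_localization_language: $safe -->\n";
}

// Fix 2 (preferred for a value that is persisted): allow-list the locale
// before saving or echoing it. Locale codes like "en-US", "en_US" or "de"
// have a narrow shape, so anything else falls back to a default. Rejecting
// bad input at save time removes the reflection from every admin page at
// once. In WordPress, checking against get_available_languages() is stricter.
function sanitize_locale(string $lang, string $default = 'en_US'): string
{
    // Assumed format: 2-3 letters, optionally "-" or "_" plus 2-4 alphanumerics.
    if (preg_match('/^[A-Za-z]{2,3}([-_][A-Za-z0-9]{2,4})?$/', $lang) === 1) {
        return $lang;
    }
    return $default;
}

// Constructed inputs: the payload from the report and a legitimate locale.
$payload = '">--><script>alert(1);</script>';

echo render_language_comment_vulnerable($payload);                 // comment closed, script reaches the parser
echo render_language_comment_escaped($payload);                    // '&quot;&gt;--&gt;&lt;script&gt;...' stays inside the comment
echo render_language_comment_escaped(sanitize_locale($payload));   // payload rejected, falls back to en_US
echo render_language_comment_escaped(sanitize_locale('en-US'));    // valid locale passes through unchanged
```

Escaping alone is sufficient for the comment context because both comment terminators (`-->` and `--!>`) need a literal `>`; the allow-list is the better place to stop the value in this plugin because it is saved and re-rendered, so a single bad write would otherwise follow the admin across the whole dashboard.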
Comment 1 • Reporter • 12 years ago
Just an update on this - the developer has replied and we are actively working on a fix which should be up in 1-2 days.
Comment 2 • Reporter • 12 years ago
Plugin has been fixed - see 2.0.2 at http://wordpress.org/extend/plugins/kau-boys-backend-localization/changelog/
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Comment 3 • 11 years ago
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
Updated • 6 years ago
Product: Websites → Websites Graveyard
Updated • 6 years ago
Component: blog.mozilla.com/theden → blog.mozilla.org
Updated • 6 years ago
Product: Websites Graveyard → Websites
Updated • 6 years ago
Product: Websites → Websites Graveyard