|
|
|
Credit:
The original article can be found at: http://packetstormsecurity.org/files/view/109114/wpslideshowgallery-xss.txt
The information has been provided by Bret Hawk.
|
|
Vulnerable Systems:
* Wordpress Slideshow Gallery2 and prior
WordPress Slideshow Galelry Plugin is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the gallery-css.php script. A remote attacker could exploit this vulnerability using the border parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Vendor Status:
Currently we are not aware of any vendor-supplied patches.
CVE Information:
CVE-2012-5229
Disclosure Timeline:
Publish Date : 2012-10-01
Last Update Date : 2012-10-02
|
|
|
|