|
Description
|
|
High-Tech Bridge SA has discovered multiple vulnerabilities in the Pretty Link plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
1) Input passed via the "min_date" parameter to wp-content/plugins/pretty-link/classes/views/prli-clicks/head.php, the "message" parameter to wp-content/plugins/pretty-link/classes/views/prli-dashboard-widget/widget.php, the "errors[]" parameter to wp-content/plugins/pretty-link/classes/views/shared/errors.php, and the "page_first_record", "page_last_record", "record_count", "controller_file", and "page_params" parameters to wp-content/plugins/pretty-link/classes/views/shared/table-nav.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Input passed via various parameters to wp-content/plugins/pretty-link/classes/views/prli-links/form.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Examples:
http://[host]/wp-content/plugins...s/form.php?prli_blogurl=[script]
http://[host]/wp-content/plugins...s/form.php?values[slug]=[script]
http://[host]/wp-content/plugins...ues[redirect_type][307]=[script]
Successful exploitation requires that "register_globals" is enabled.
The vulnerabilities are confirmed in version 1.4.56. Other versions may also be affected.
|
