|
Description
|
|
MustLive has reported a vulnerability in the Black and White theme for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed via the "id" parameter to wp-content/themes/black-and-white/framework/admin/assets/js/ZeroClipboard.swf is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerability is reported in version 1.5. Other versions may also be affected.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
WordPress Black and White Theme 1.x
|
|
|
|
|
|
Solution
|
|
No official solution is currently available.
|
|
|
|
|
|
CVE
|
|
|
|
|
|
|
|
References
|
|
MustLive:
http://packetstormsecurity.org/files/121174/ZeroClipbord.swf-Cross-Site-Scripting-Path-Disclosure.html
http://websecurity.com.ua/6401/
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
