[VIM] WordPress Better WP Security Plugin HTML Injection Vulnerability

Kurt Seifried kseifried at redhat.com
Mon Sep 16 22:19:07 CDT 2013


On 08/03/2013 07:56 PM, Henri Salo wrote:
> On Fri, Aug 02, 2013 at 08:35:41PM +0000, George Theall wrote:
>> Narayan / Venkat / Rob : what difference is there between BIDs
>> 61562 and 61518? Both credit Richard Warren and involve an XSS
>> vulnerability addressed in Better WP Security 3.5.4. The plugin's
>> change log
>> (http://www.wordpress.org/plugins/better-wp-security/changelog/)
>> only lists one XSS issue:
>> 
>> • Fixed an XSS vulnerability in the logevent function. Fix by
>> Richard Warren
>> 
>> George -- theall at tenable.com
> 
> I can do diffing for commits if needed. Does this already have a CVE
> identifier? There are at least these issues:
> 
> http://osvdb.org/84737 http://osvdb.org/84738 
> http://osvdb.org/95884
> 
> --- Henri Salo
> 

If you can please post the diffs (assuming they're not insanely long)
that'd be great and I'll assign CVEs, thanks.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

