WordPress.org

Lanoba Social Plugin
XSS vulnerabilities (3 posts)

  1. henrisalo
    Member
    Posted 2 years ago #

    Original advisory http://seclists.org/bugtraq/2011/Nov/120 didn't have much information. Do you know if this issue is fixed? What versions are affected? Does this issue have a CVE identifier?

    http://wordpress.org/extend/plugins/lanoba-social-plugin/

  2. Lanoba
    Member
    Plugin Author

    Posted 2 years ago #

    Thank you Henri for reporting this to us.

    While WordPress does have a cross-site scripting problem (XSS) where not all user input is sanitized, if any of that unsanitized user input is redirected to the screen or browser, an attacker would be able to execute malicious scripts. However, Lanoba's plug-in does sanitize user input, and because that input is never sent to the browser, an attacker has no way of executing script or code on a user's behalf.

    Thank you again for your input, we hope you found this information to be helpful.

    Lanoba Support

  3. henrisalo
    Member
    Posted 2 years ago #

    I double-checked this and it is indeed a false positive. Thank you for the fast reply. It seems that the person who originally reported this has made several other false-positive reports.

Topic Closed

This topic has been closed to new replies.