Summary
This host is running the WordPress WP e-Commerce Predictive Search or WooCommerce Predictive Search plugin and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation allows an attacker to insert arbitrary HTML and script code, which is executed in a user's browser session in the context of the affected site when the malicious data is viewed.
Impact Level: Application
Solution
Upgrade to the WordPress WooCommerce Predictive Search Plugin version 1.0.6 or later. For updates, refer to http://wordpress.org/extend/plugins/woocommerce-predictive-search/
Upgrade to the WordPress WP e-Commerce Predictive Search Plugin version 1.1.2 or later. For updates, refer to http://wordpress.org/extend/plugins/wp-e-commerce-predictive-search/
Insight
Input passed via the 'rs' parameter to index.php (when page_id is set to the predictive search page) is not properly sanitised before it is returned to the user.
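For sites that cannot upgrade immediately, the access log can be reviewed for requests matching this condition. The following is an added example, not part of the original advisory or of either plugin: it flags requests where page_id is present and the decoded 'rs' value contains HTML metacharacters, including double-encoded input. The log format (combined access log) and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Characters that let a reflected value break out of HTML text or attributes.
HTML_META = re.compile(r"[<>\"']")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_rs(url, max_decode=3):
    """Return the decoded 'rs' value if it carries HTML metacharacters, else None."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "page_id" not in query:  # the advisory's condition: page_id must be set
        return None
    for value in query.get("rs", []):
        # parse_qs already decoded once; repeat to catch double-encoded input.
        for _ in range(max_decode):
            if HTML_META.search(value):
                return value
            decoded = unquote_plus(value)
            if decoded == value:
                break
            value = decoded
    return None

def scan(log_lines):
    """Return (line_number, decoded_rs) for every flagged request."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if m:
            value = suspicious_rs(m.group(1))
            if value is not None:
                hits.append((n, value))
    return hits

# Constructed sample log lines (documentation IP range, harmless markup).
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Mar/2015:10:00:01 +0000] "GET /index.php?page_id=12&rs=blue+shirt HTTP/1.1" 200 5120',
    '203.0.113.9 - - [25/Mar/2015:10:00:07 +0000] "GET /index.php?page_id=12&rs=%22%3E%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5301',
    '203.0.113.9 - - [25/Mar/2015:10:00:09 +0000] "GET /index.php?page_id=12&rs=%253Cb%253E HTTP/1.1" 200 5288',
    '203.0.113.7 - - [25/Mar/2015:10:00:11 +0000] "GET /index.php?rs=%3Cb%3E HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    for line_no, value in scan(SAMPLE_LOG):
        print(f"line {line_no}: rs={value!r}")
```

A hit means markup was submitted in 'rs', not that it was rendered unescaped; confirm against the installed plugin version.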
Affected
WordPress WooCommerce Predictive Search Plugin version 1.0.5 and prior
WordPress WP e-Commerce Predictive Search Plugin version 1.1.1 and prior
References
- http://osvdb.org/87890
- http://osvdb.org/87891
- http://secunia.com/advisories/51384/
- http://secunia.com/advisories/51385
- http://www.securelist.com/en/advisories/51384
- http://www.securelist.com/en/advisories/51385
- http://xforce.iss.net/xforce/xfdb/80382
- http://xforce.iss.net/xforce/xfdb/80383
Updated on 2015-03-25