WordPress Skysa App Bar Plugin 'idnews' Parameter Cross Site Scripting Vulnerability

Bugtraq ID:	50824
Class:	Input Validation Error
CVE:	CVE-2011-5179
Remote:	Yes
Local:	No
Published:	Nov 28 2011 12:00AM
Updated:	Sep 21 2012 04:20PM
Credit:	Amir
Vulnerable:	WordPress Skysa App Bar 0
Not Vulnerable:	WordPress Skysa App Bar 1.04

WordPress Skysa App Bar Plugin 'idnews' Parameter Cross Site Scripting Vulnerability

Skysa App Bar Plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

WordPress Skysa App Bar Plugin 'idnews' Parameter Cross Site Scripting Vulnerability

Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

The following example URI is available:

http://www.example.com/[path]/wp-content/plugins/skysa-official/skysa.php?submit=[xss]

WordPress Skysa App Bar Plugin 'idnews' Parameter Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the reference for more details.

WordPress Skysa App Bar Plugin 'idnews' Parameter Cross Site Scripting Vulnerability

References:

• Skysa App Bar Homepage (WordPress)
  
• WordPress Homepage (WordPress)
  
• Re: Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities ([email protected])
  
• Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities ([email protected])