Sunday, April 29, 2012

Pligg CMS 1.1.4 Cross-Site Scripting (XSS) Vulnerability

Pligg is an open source CMS (Content Management System) that you can download and use for free. Pligg CMS provides social publishing software that encourages visitors to register on your website so that they can submit content and connect with other users.

Sow Ching Shiong, an independent vulnerability researcher has discovered Cross-Site Scripting vulnerability in Pligg CMS. This issue was discovered in a default installation of Pligg CMS 1.1.4. Other earlier versions may also be affected.

Proof of concept

Update to version 1.2.0 or later.


Vendor URL:

Disclosure Timeline
2011-04-24 - Vulnerability discovered.
2011-04-24 - Vulnerability reported to Secunia.
2011-04-26 - Secunia confirmed the vulnerability and contacted the vendor.
2011-09-18 - Patch released.
2011-09-20 - Advisory published by Secunia.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.