
any eta on xss fix #149

Open
anantshri opened this issue May 5, 2015 · 6 comments

Comments


@anantshri anantshri commented May 5, 2015

Someone reported a DOM XSS vector in 07-2014:
http://www.perucrack.net/2014/07/haciendo-un-xss-en-plugin-prettyphoto.html

I can see evidence of this issue being exploited in the wild. Can you suggest when a fix would be ready?

Created a public issue because the disclosure was long back, but a lot of people are still using this library and all of them are susceptible to this attack.


@ethicalhack3r ethicalhack3r commented May 5, 2015

The blog post says "La vulnerabilidad fue reportada al autor y arreglada al día siguiente".

Translation: "The vulnerability was reported to the author and fixed the day after."

I wonder who he reported it to and who fixed what? This repo hasn't been updated since '13 and his blog post is from July '14.

I thought maybe he was talking about the WordPress prettyphoto plugin - https://wordpress.org/plugins/prettyphoto/ - but that hasn't been updated since '13 either. The current version, 1.1, has prettyphoto version 3.1.4 so the plugin is probably vulnerable too.


@ethicalhack3r ethicalhack3r commented May 5, 2015

Confirmed the WordPress plugin is vulnerable. I will contact the author.


@cezarpopa cezarpopa commented May 6, 2015

The only fix I see regarding this XSS vulnerability is in this repo:
https://github.com/Duncaen/prettyphoto/blob/3ef0ddfefebbcc6bbe9245f9cea87e26838e9bbc/js/jquery.prettyPhoto.js
Tested it and it seemed to be OK.

Owner

@scaron scaron commented May 6, 2015

I'll review and try to update the plugin tonight.

Author

@anantshri anantshri commented May 6, 2015

Cool, good to see some progress on this one. Now, once the patch is in the repository, we are left with updating/informing the dependent software of the new release.

@scaron would it be possible for you to mark the new release as a security fix and add a note stating that people are requested to update to the new version ASAP?

-Anant

scaron added a commit that referenced this issue May 7, 2015
Author

@anantshri anantshri commented May 21, 2015

jsDelivr is still serving old files and is looking for someone to make a pull request. Can the author please make a pull request to get 3.1.6 into the jsDelivr repository? Refer: jsdelivr/jsdelivr#4878

Edit: Looks like it's updated, so no need for a pull request.
