製品・ソフトウェアに関する情報

JVN脆弱性詳細

WordPress 用 Redirection プラグインにおけるクロスサイトスクリプティングの脆弱性

Title	WordPress 用 Redirection プラグインにおけるクロスサイトスクリプティングの脆弱性
Summary	WordPress 用 Redirection プラグイン内にある (1) view/admin/log_item.php、および (2) view/admin/log_item_details.php には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	第三者により、存在しない POST へのリクエスト内にある Referer HTTP ヘッダを介して、任意の Web スクリプトまたは HTML を挿入される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Nov. 28, 2011, midnight
Registration Date	Nov. 30, 2011, 4:26 p.m.
Last Update	Nov. 30, 2011, 4:50 p.m.

Affected System

John Godley

Redirection 2.2.9

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-4562	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4562
National Vulnerability Database (NVD)
2	CVE-2011-4562	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4562

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
WordPress.org
1	changelog	http://wordpress.org/extend/plugins/redirection/changelog/
2	Changes in redirection [421721:447262]/log.php	http://plugins.trac.wordpress.org/changeset?reponame=&new=447262%40redirection&old=421721%40redirection

Change Log

No	Changed Details	Date of change
0	[2011年11月30日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2011-4562

Summary	Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist.
Publication Date	Nov. 29, 2011, 6:55 a.m.
Registration Date	Jan. 28, 2021, 4:39 p.m.
Last Update	Nov. 21, 2024, 10:32 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:john_godley:redirection_plugin:2.2.9:::::::*
execution environment
1	cpe:2.3:a:wordpress:wordpress::::::::

Related information, measures and tools

No	URL	タグ
1	http://dotxed.net/2011/websicherheit/lazy-xss-wenn-statistiken-und-loggs-zur-gefahr-werden.html	URL Repurposed
2	http://osvdb.org/76092
3	http://packetstormsecurity.org/files/view/105573/wpredirection229-xss.txt	Exploit
4	http://plugins.trac.wordpress.org/changeset?reponame=&new=447262%40redirection&old=421721%40redirection
5	http://secunia.com/advisories/46310	Vendor Advisory
6	http://wordpress.org/extend/plugins/redirection/changelog/
7	http://www.securityfocus.com/bid/49985
8	https://exchange.xforce.ibmcloud.com/vulnerabilities/70373
9	http://dotxed.net/2011/websicherheit/lazy-xss-wenn-statistiken-und-loggs-zur-gefahr-werden.html	URL Repurposed
10	https://exchange.xforce.ibmcloud.com/vulnerabilities/70373
11	http://www.securityfocus.com/bid/49985
12	http://wordpress.org/extend/plugins/redirection/changelog/
13	http://secunia.com/advisories/46310	Vendor Advisory
14	http://plugins.trac.wordpress.org/changeset?reponame=&new=447262%40redirection&old=421721%40redirection
15	http://packetstormsecurity.org/files/view/105573/wpredirection229-xss.txt	Exploit
16	http://osvdb.org/76092

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html