# Vulnerability: Wordpress plugin Buddypress <= 1.9.1 stored xss # Date: 13/02/2014 # Author: Pietro Oliva # Vendor Homepage: http://buddypress.org # Software Link: http://downloads.wordpress.org/plugin/buddypress.1.9.1.zip # Version: 1.9.1 # CVE : [CVE-2014-1888] # Responsibly disclosed and patched in version 1.9.2 During the group creation process in Buddypress it's possible to inject javascript code into the name field in the form at http://example.com/groups/create/step/group-details/ as for instance: name" onmouseover="alert('xss'). To test this vulnerability you have reproduce the following steps: 1) create a group named as follows: name" onmouseover="alert('xss') 2) visiting this url:http://example.com/groups/create/step/group-details/ causes the alert to show on mouse over the group name field -Pietro Oliva-
