Julienh / Sharrre

Make your sharing widget! Sharrre is a jQuery plugin that allows you to create nice sharing widgets for Facebook, Twitter, Google Plus (with PHP script) and more.
sharrre.com
MIT License
1.04k stars, 413 forks

Advisory from Netsparker - vulnerability in Sharre (2.0.1) Social Sharing Plugin #306

Open DanielBishtawi opened 6 years ago

DanielBishtawi commented 6 years ago

Hello,

While testing the Netsparker web application security scanner we identified a vulnerability in Sharre (2.0.1).

Can you please advise whom shall we contact to disclose the vulnerability details so it can be fixed?

Please email me: daniel (at) netsparker (dot) com

Looking forward to hearing from you.

Regards,

Daniel Bishtawi

justageek commented 5 years ago

We are patching the script ourselves so it sanitizes script tags passed in via the URL. Is that the issue?

makmour commented 5 years ago

Hi @DanielBishtawi. Did you receive any reply?

DanielBishtawi commented 5 years ago

@makmour We received a reply but the vendor stopped responding.

The technical details can be found here: https://www.netsparker.com/web-applications-advisories/ns-18-041-dom-cross-site-scripting-in-sharrre/

makmour commented 5 years ago

Thanks for your fast reply @DanielBishtawi.