WordPress Design-Approval-System 3.6 Cross Site Scripting

`[Design-Approval-System Wordpress plugin XSS ]  
  
[vendor product description]  
A system to streamline the process of getting designs, photos,   
documents, videos or music approved by clients quickly.  
  
[Bug Description]  
The walkthrouth web page does not validate the step parameter leading to   
a Cross-site scripting flaw. An no authenticated user is required to   
exploit these security flaws.  
  
[History]  
  
Advisory sent to vendor on 09/03/2013  
Vendor reply 09/03/2013  
Vendor patch published 09/07/2013  
  
[Impact]  
HIGH  
  
[Afected Version]  
  
3.6  
  
[Vendor Reply]  
  
03/09/2013  
  
07/09/2013 - Vulnerability fixed. 3.7 version released.  
  
  
[CVE Reference]  
  
CVE-2013-5711  
  
[PoC]  
  
Payload:   
http://[host]/wordpress/wp-content/plugins/design-approval-system/admin/walkthrough/walkthrough.php?step=%3C/script%3E%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E  
  
[References]  
  
[1] Design Approval System   
http://wordpress.org/plugins/design-approval-system  
[2] Design Approval System 3.7 release notes   
http://wordpress.org/plugins/design-approval-system/other_notes/  
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/  
  
--------------------------------------------  
iBliss Segurança e Inteligência - Sponsor: Alexandro Silva - Alexos  
  
alexos (at) ibliss.com (dot) br [email concealed]  
  
[Greetz]  
  
Ewerson Guimarães - Crash  
  
--   
Alexandro Silva  
[email protected]  
  
iBLISS Segurança & Inteligência  
+55 71 8847-5385  
+55 11 3255-3926  
www.ibliss.com.br  
`