Russ McRee has discovered some vulnerabilities in Pligg, which can
be exploited by malicious people to conduct cross-site scripting and
request forgery attacks.
Input passed via the "Referer" HTTP header to various scripts (e.g.
admin/admin_config.php, admin/admin_modules.php, delete.php, editlink.php,
submit.php, submit_groups.php, user_add_remove_links.php, and
user_settings.php) is not properly sanitised before being returned to
the user. This can be exploited to execute arbitrary HTML and script
code in a user's browser session in context of an affected site.
The application allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the requests.
This can be exploited to e.g. create an arbitrary user with administrative
privileges if a logged-in administrative user visits a malicious web
site.