[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

WordPress Wunderbar Basic 1.1.3 Cross Site Scripting Vulnerability

Author
Ricardo Sanchez
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-29233
Category
web applications
Date add
15-12-2017
Platform
php
Credit Ricardo Sanchez
Vulnerable Wunderbar Basic 1.1.3

Wunderbar Basic is prone to a stored cross-site scripting
vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This
may allow the attacker to steal cookie-based authentication credentials and
to launch other attacks.

To exploit this issue following steps:
The XSS reflected because the value home is not filter correctly:


Demo Request:
http://localhost/wordpress/wp-content/plugins/wunderbar-basi
c-wysiwyg-front-end-editor/wb-adminbar.php?home=</script>"><script>alert("
R1XS4.COM")</script>

#  0day.today [2024-11-16]  #