Информационная безопасность
[RU] switch to English


Дополнительная информация

  Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

  Arbitrary file deletion and multiple XSS vulnerabilities in pfSense

  [USN-2539-1] Django vulnerabilities

  DokuWiki persistent Cross Site Scripting

  Reflected XSS Vulnerability in XSS In Manage Engine Device Expert

From:joelvarghese7_(at)_gmail.com <joelvarghese7_(at)_gmail.com>
Date:11 мая 2015 г.
Subject:Pligg CMS 2.0.2 - Stored XSS



Hi Team,

#Affected Vendor: http://pligg.com/
#Date: 23/04/2015
#Discovered by: Joel Vadodil Varghese
#Type of vulnerability: Persistent XSS
#Tested on: Windows 8.1
#Product: Pligg CMS
#Version: 2.0.2
#Tested Link: http://localhost/pligg/admin/admin_page.php

Description: Pligg CMS is a content management platform that powers tens of thousands of websites. It specializes in creating social publishing networks, where users submit and promote content similar to sites like Digg, Reddit, and Mixx.Pligg CMS is vulnerable to stored xss vulnerability. The parameter "page_title" and "page_content" are the vulnerable parameter which will lead to its compromise.

#Proof of Concept (PoC): "><img src="a.jpg" onerror="alert('XSS')"/>

-- Regards, Joel V

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород