Wordpress Events Manager Extended Plugin Persistent XSS Vulnerability



EDB-ID: 14923 CVE: N/A OSVDB-ID: 67940
Author: Craw Published: 2010-09-06 Verified: Not Verified
Exploit Code:   Download Vulnerable App:    Download

Rating

(0.0)
Prev Home Next 
# Author: Craw
# Email: craw@element7.eu             
# Software Link: http://wordpress.org/extend/plugins/events-manager-extended/
# Version: 3.1.2
# Category: webapplications
 
=======================================================
 
 
[+] ExploiT [1] : If you are allowed to leave a comment:
	
	Persistent XSS Vulnerability: You can inject Javascript Code in your comment.
	The Code will be displayed below the event.

	
[+] ExploiT [2] : If you are allowed to book an event:
   
   Persistent XSS Vulnerability: You can inject Javascript Code in [Name] ,  [Email] , [Phonenumber] , [Comment]
   The Code will be displayed in the Wordpress Backend -> http://www.site.com/wp-admin/admin.php?page=events-manager-people
   

=======================================================
Greetz @ LUXEMBOURG
=======================================================






Comments

No comments so far