Vulners
Lucene search
Vanilla Forum Tagging Plugin Enchanced 1.0.1 - Persistent Cross-Site Scripting
# Title: Vanilla Tagging Enchanced 1.0.1 Stored XSS
# Date: 1/6/12
# Author: Henry Hoggard
# Author URL: henryhoggard.co.uk
# Author Twitter: @henryhoggard
# Software: Vanilla Version 2.0.18.4 + Tagging Enhanced plugin 1.0.1
# http://vanillaforums.org/download
# http://vanillaforums.org/addon/tagging-plugin
This plugin is based on the default tagging plugin that comes with Vanilla. Therefore this is vulnerable to the same attack.
Create a new thread and post your XSS as tag. I used
<script>alert('xss')</script>
You will have to use a proxy / manipulate the form to bypass the max-length on the form.
Once you have posted the thread, send an administrator or moderator to
http://target.tld/index.php?p=/vanilla/post/editdiscussion/7
Where 7 is the thread ID of the thread you just made. The XSS will then trigger.
You can even use a URL shortener to send the link.
Note: The URL may be different depending on what category your thread is in.
#############################################################Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
02 Jun 2012 00:00Current
7High risk
Vulners AI Score7