{"id": "EDB-ID:20270", "hash": "4e3bcfa50fb2b8c98a51216e0ebb758f", "type": "exploitdb", "bulletinFamily": "exploit", "title": "WordPress Plugin Effective Lead Management 3.0.0 - Persistent XSS", "description": "Wordpress Plugin Effective Lead Management 3.0.0 - Persistent XSS. Webapps exploit for php platform", "published": "2012-08-05T00:00:00", "modified": "2012-08-05T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/20270/", "reporter": "Chris Kellum", "references": [], "cvelist": [], "lastseen": "2016-02-02T13:52:22", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [], "modified": "2016-02-02T13:52:22"}, "vulnersScore": 5.0}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/20270/", "sourceData": "# Exploit Title: WP Lead Management v3.0.0 Persistent XSS\r\n# Date: 8/5/12\r\n# Exploit Author: Chris Kellum\r\n# Software Link: http://downloads.wordpress.org/plugin/wp-effective-lead-management.3.0.1.zip\r\n# Version: 3.0.0\r\n\r\n\r\n\r\n=====================\r\nVulnerability Details\r\n=====================\r\n\r\nThe form does not properly sanitize input fields, allowing for XSS.\r\n\r\n Example:\r\n\r\n <script>alert('xss')</script>\r\n\r\nXSS will fire when the admin views the lead management page if the javascript is included in the name, otherwise the javascript can be included in the \"requirements\" field and will fire when an admin \"picks\" the lead.\r\n\r\n===================\r\nDisclosure Timeline\r\n===================\r\n\r\n8/4/12 - Vulnerability discovered. No author contact information available. Public disclosure.", "osvdbidlist": ["84462"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{}