Vanilla Latest Comment 1.1 Cross Site Scripting

2012-05-19T00:00:00
ID PACKETSTORM:112883
Type packetstorm
Reporter Henry Hoggard
Modified 2012-05-19T00:00:00

Description

                                        
`# Title: Vanilla LatestComment 1.1 Plugin Persistent XSS Vulnerability  
# Date: 18/5/12  
# Author: Henry Hoggard  
# Author URL: henryhoggard.co.uk  
# Author Twitter: @henryhoggard  
# Software: Vanilla Version 2.0.18.4 + Latest Comment 1.1  
  
# http://vanillaforums.org/addon/latestcomment-plugin  
  
# http://vanillaforums.org  
#############################################################  
  
Create a new thread with the XSS payload as the thread title. The title is stored, and the payload appears unescaped on the index page of the forum.  
  
XSS:  
<script>alert('x')</script>  
  
#############################################################  
  
http://henryhoggard.co.uk  
`
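
The fix for this class of bug is to encode the stored thread title when it is written into the index page. The following PHP sketch is an added example, not the plugin's code or the author's: the function names and sample rows are hypothetical, and it shows the unencoded rendering beside the encoded one, plus a check for already-stored titles that contain markup.

```php
<?php
// Added example; function names and sample rows are hypothetical, not the plugin's code.

// Constructed rows standing in for stored discussions.
$rows = [
    ['id' => 1, 'title' => 'Welcome to the forum'],
    ['id' => 2, 'title' => "<script>alert('x')</script>"],
    ['id' => 3, 'title' => 'Is 3 < 5 & 5 > 3?'],
];

// Vulnerable pattern: the stored title is concatenated into the page unchanged.
function render_unsafe(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= '<li><a href="/discussion/' . $row['id'] . '">' . $row['title'] . "</a></li>\n";
    }
    return $html;
}

// Hardened pattern: encode for the HTML context at output time, every time.
function render_safe(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $title = htmlspecialchars($row['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= '<li><a href="/discussion/' . (int) $row['id'] . '">' . $title . "</a></li>\n";
    }
    return $html;
}

// Audit helper: ids of stored titles that contain something shaped like a tag.
function titles_with_markup(array $rows): array
{
    $hits = [];
    foreach ($rows as $row) {
        if (preg_match('/<\s*[a-z\/!]/i', $row['title'])) {
            $hits[] = $row['id'];
        }
    }
    return $hits;
}

echo "Unsafe:\n", render_unsafe($rows);
echo "Safe:\n", render_safe($rows);
echo "Titles to review: ", implode(', ', titles_with_markup($rows)), "\n";
```

Encoding at output keeps titles that are already in the database inert, and the audit list identifies which existing rows to review.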