WordPress Events Manager 3.1.2 Cross Site Scripting

2010-09-08T00:00:00
ID PACKETSTORM:93555
Type packetstorm
Reporter Craw
Modified 2010-09-08T00:00:00

Description

                                        
`# Author: Craw  
# Email: craw@element7.eu   
# Software Link: http://wordpress.org/extend/plugins/events-manager-extended/  
# Version: 3.1.2  
# Category: webapplications  
  
=======================================================  
  
  
[+] ExploiT [1] : If you are allowed to leave a comment:  
  
Persistent XSS vulnerability: you can inject JavaScript code in your comment.  
The code is stored and displayed below the event.  
  
  
[+] ExploiT [2] : If you are allowed to book an event:  
  
Persistent XSS vulnerability: you can inject JavaScript code in the [Name], [Email], [Phonenumber] and [Comment] fields.  
The code will be displayed in the WordPress backend -> http://www.site.com/wp-admin/admin.php?page=events-manager-people  
  
  
=======================================================  
Greetz @ LUXEMBOURG  
=======================================================  
  
`
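
The fix for both findings is to validate the booking fields on input and escape them on output. The following is an added example, not code from the plugin or from the advisory's author: the function names and the array layout are hypothetical, and plain PHP is used so it runs without WordPress (in a plugin, the WordPress core functions esc_html(), sanitize_text_field() and sanitize_email() fill the same roles). Name and comment stay free text after validation, so the output escaping is what keeps stored markup from executing in the admin page.

```php
<?php
// Added illustration, not plugin code. Function names and the array layout
// are hypothetical; the field names follow the advisory.

// Validate on input: normalise each booking field before it is stored.
function clean_booking(array $in): array
{
    $line = static function ($v): string {
        // Single-line fields: drop ASCII control characters, trim whitespace.
        return trim(preg_replace('/[\x00-\x1F\x7F]/', '', (string) $v));
    };
    $email = filter_var($line($in['email'] ?? ''), FILTER_VALIDATE_EMAIL);
    return [
        'name'    => $line($in['name'] ?? ''),
        'email'   => $email === false ? '' : $email,
        // Keep only characters that occur in phone numbers.
        'phone'   => preg_replace('/[^0-9+() .\-]/', '', $line($in['phone'] ?? '')),
        'comment' => trim((string) ($in['comment'] ?? '')),
    ];
}

// Escape on output: every stored value is treated as text, never as HTML.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render one row of a backend table listing people who booked an event.
function render_booking_row(array $b): string
{
    return '<tr><td>' . h($b['name']) . '</td><td>' . h($b['email'])
         . '</td><td>' . h($b['phone']) . '</td><td>' . nl2br(h($b['comment']))
         . '</td></tr>';
}

// Constructed sample submission with markup in every field.
$row = clean_booking([
    'name'    => 'Alice <script>alert(1)</script>',
    'email'   => '"><img src=x>@example.org',
    'phone'   => '+352 555 0100<svg>',
    'comment' => "Two seats please\n<b>thanks</b>",
]);
echo render_booking_row($row), PHP_EOL;
```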