Application: Usernoise ( http://usernoise.karevn.com/ )
Version: 3.7.8 (probably earlier versions as well)
Type: WordPress plugin
Developer: Nikolay Karev ( http://karevn.com/ - http://profiles.wordpress.org/karevn/ )
Vulnerability: Unauthorized persistent cross-site scripting
Usernoise is a "just works" modal contact / feedback form. It became responsive starting from 3.5 release. You will not need to change even a line of code in your site.
<script>document.documentElement.innerHTML='RogueCoder was here';</script>
Well done! Website looks great<script>console.log('RogueCoder was here');</script>
Upgrade to plugin version 3.7.9
2013-07-15 - Informed developer through plugin section on wordpress.org
2013-07-16 - Informed developer through email
2013-07-17 - Fix released
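
Feedback stored before the upgrade may still contain injected markup, so a site owner may want to audit existing entries. The following is an added example, not code from the plugin or from this advisory: it flags feedback strings that a browser would turn into elements and shows their escaped, inert form. It assumes feedback is meant to be plain text and has been exported as a list of strings; the names audit_entry, audit_feedback and SAMPLE_FEEDBACK are hypothetical.

```python
from html import escape
from html.parser import HTMLParser


class TagCollector(HTMLParser):
    """Records every element a browser would create from unescaped text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def audit_entry(text):
    """Return (tags, inert): elements found in text and its HTML-escaped form."""
    collector = TagCollector()
    collector.feed(text)
    collector.close()
    return collector.tags, escape(text, quote=True)


def audit_feedback(entries):
    """Return {index: tags} for entries that carry markup; plain text is omitted."""
    flagged = {}
    for index, text in enumerate(entries):
        tags, _ = audit_entry(text)
        if tags:
            flagged[index] = tags
    return flagged


# Constructed sample: the two payloads from this advisory plus benign feedback.
# Assumption: entries were exported from the site as plain strings.
SAMPLE_FEEDBACK = [
    "<script>document.documentElement.innerHTML='RogueCoder was here';</script>",
    "Well done! Website looks great<script>console.log('RogueCoder was here');</script>",
    "Two columns < three columns on mobile, please & thanks.",
    "Well done! Website looks great",
]

if __name__ == "__main__":
    for index, tags in audit_feedback(SAMPLE_FEEDBACK).items():
        _, inert = audit_entry(SAMPLE_FEEDBACK[index])
        print(f"entry {index}: contains {tags}; safe to display as: {inert}")
```

A bare "<" or "&" in ordinary feedback is not flagged, because only text that parses as an element start tag counts as markup.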