Pligg CMS 2.0.2 - Stored XSS

2015-05-11T00:00:00
ID SECURITYVULNS:DOC:32081
Type securityvulns
Reporter Securityvulns
Modified 2015-05-11T00:00:00

Description

Hi Team,

Affected Vendor: http://pligg.com/

Date: 23/04/2015

Discovered by: Joel Vadodil Varghese

Type of vulnerability: Persistent XSS

Tested on: Windows 8.1

Product: Pligg CMS

Version: 2.0.2

Tested Link: http://localhost/pligg/admin/admin_page.php

Description: Pligg CMS is a content management platform that powers tens of thousands of websites. It specializes in creating social publishing networks, where users submit and promote content similar to sites like Digg, Reddit, and Mixx.Pligg CMS is vulnerable to stored xss vulnerability. The parameter "page_title" and "page_content" are the vulnerable parameter which will lead to its compromise.

Proof of Concept (PoC): "><img src="a.jpg" onerror="alert('XSS')"/>

-- Regards, Joel V