The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the “Default Skin” field.
Step1: Install and activate the plugin. Step2: Go to the plugin setting. Step3: Enter the following payload in the field “Default Skin” xss">
<input type=‘text’ name=“hflv_skin” value="xss Step4: Now the script is stored and whenever the user goes to the plugin the script will be executed. </p>
CPE | Name | Operator | Version |
---|---|---|---|
hana-flv-player | eq | * |