Lucene search
Lukas ReschkeWPVDB-ID:5C1C515F-7C0F-441B-ABEE-71FD4B457BF7HistoryJun 02, 2015 - 12:00 a.m.
Simple Share Buttons Adder <= 6.0.0 - Reflected Cross-Site Scripting (XSS)
2015-06-0200:00:00
Lukas Reschke
wpscan.com
11
0.001 Low
EPSS
Percentile
34.0%
A reflected XSS in “Simple Share Buttons Adder” before version 6.0.1 lead to a reflected cross-site scripting vulnerability on all pages where the “Simple Share Buttons Adder” was added (usually all blog posts). Exploitation required that the browser did not encode the parameters sent to the server. Most prominently this thus affects Internet Explorer but is not exploitable on recent versions of Chrome or Firefox.
PoC
curl “http://output.com/index.php/2015/06/02/hello-world/?” will result in:
| CPE | Name | Operator | Version |
|---|---|---|---|
| simple-share-buttons-adder | lt | 6.0.1 |
Related
cve
cve
CVE-2015-9303
2019-08-12 16:15:12
prion
prion
Cross site scripting
2019-08-12 16:15:00
nvd
nvd
CVE-2015-9303
2019-08-12 16:15:12
wpexploit
wpexploit
Simple Share Buttons Adder <= 6.0.0 - Reflected Cross-Site Scripting (XSS)
2015-06-02 00:00:00
cvelist
cvelist
CVE-2015-9303
2019-08-12 15:40:33