CM Ad Changer <= 1.7.7 - Stored Cross-Site Scripting (XSS)

2016-06-13T00:00:00
ID WPVDB-ID:8514
Type wpvulndb
Reporter Aaditya Purani
Modified 2019-11-01T00:00:00

Description

WordPress Vulnerability - CM Ad Changer <= 1.7.7 - Stored Cross-Site Scripting (XSS)

1) Go to CM Ad Changer -> Campaigns.
2) Create a campaign. Enter whatever you want in the Campaign settings; in the next tab, "Campaign Banners", select an image under Campaign images and, in Banner Title, enter this payload: confirm(/aaditya/)

Click the button below. PoC by Aaditya Purani: CM Ad Changer 1.7.7

This triggers stored XSS in the banner_title parameter.
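As an added example (not CM Ad Changer's own code and not part of the original advisory), the following shows the general fix pattern for a stored value such as banner_title: reduce it to plain text when it is saved, and escape it for its output context when it is rendered. The function names, the banner array layout and the sample title are hypothetical; plain PHP functions are used so that it runs without WordPress.

```php
<?php
// Added example: hypothetical handlers, not the plugin's code.

// Save step: reduce the submitted title to plain text.
// (In WordPress, sanitize_text_field( wp_unslash( ... ) ) plays this role.)
function clean_banner_title(string $raw): string
{
    $text = strip_tags($raw);                                       // drop markup
    $text = (string) preg_replace('/[\x00-\x1F\x7F]+/', ' ', $text); // control chars
    return trim((string) preg_replace('/\s+/', ' ', $text));        // collapse spaces
}

// Output step: escape for HTML text and quoted-attribute contexts.
// (WordPress equivalents: esc_html() and esc_attr().)
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: the stored value is concatenated into markup as-is.
function render_banner_unsafe(array $banner): string
{
    return '<img src="' . $banner['src'] . '" title="' . $banner['title'] . '">'
         . '<span>' . $banner['title'] . '</span>';
}

// Hardened pattern: every stored value is escaped where it is written out.
function render_banner_safe(array $banner): string
{
    return '<img src="' . e($banner['src']) . '" title="' . e($banner['title']) . '">'
         . '<span>' . e($banner['title']) . '</span>';
}

// Constructed sample: a title that was stored before any input cleaning existed.
$stored = [
    'src'   => '/uploads/banner.png',
    'title' => 'Sale" <script>confirm(1)</script>',
];

echo render_banner_unsafe($stored), "\n";   // markup from the title reaches the page
echo render_banner_safe($stored), "\n";     // title appears as inert text
echo render_banner_safe([
    'src'   => $stored['src'],
    'title' => clean_banner_title($stored['title']),
]), "\n";                                   // cleaned on save, escaped on output
```

Escaping at render time is the part that also covers titles already sitting in the database; cleaning on save alone leaves those rows untouched.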