iLive <= 1.0.4 - Stored Cross-Site Scripting (XSS)

Type wpvulndb
Reporter m0ze
Modified 2019-11-27T00:00:00


WordPress Vulnerability - iLive <= 1.0.4 - Stored Cross-Site Scripting (XSS)

Go to the demo website and open the chat window by clicking the «Chat» icon in the bottom right corner. Enter your payload in the input field and press [Enter]. The provided example payloads work in the admin area, so it's possible to steal admin cookies or force a redirect to any other website.

To check your XSS injections, log in with the provided credentials (operator1 / Operator_1, operator2 / Operator_2, operator3 / Operator_3), go to this page, then select your chat alias from the list. Keep in mind that there are 3 demo operators, so you must log in as the operator assigned to your chat (the operator number will be available after you send the first message in the chat).

Example #1:
Example #2:
Example #3:
Example #4:
Example #5:
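A defensive illustration of the flaw described above, added here and not taken from the iLive plugin or the original advisory: visitor chat fields concatenated into the operator view's markup, beside the same fields HTML-encoded at output time. The function names, the data-alias attribute and the sample transcript are assumptions constructed for the example.

```javascript
'use strict';

// Every character that can change the HTML parsing context maps to an entity.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Single-pass replace, so an existing '&' is encoded once and never twice.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// VULNERABLE pattern (hypothetical): visitor-controlled fields are
// concatenated straight into the markup shown to the logged-in operator.
function renderMessageUnsafe(msg) {
  return '<li class="msg" data-alias="' + msg.alias + '">' + msg.text + '</li>';
}

// Hardened: the alias (attribute context) and the text (element content)
// are both encoded when rendered, so stored markup stays inert text.
function renderMessageSafe(msg) {
  return '<li class="msg" data-alias="' + escapeHtml(msg.alias) + '">' +
         escapeHtml(msg.text) + '</li>';
}

// Render a whole stored transcript for the operator view.
function renderTranscript(messages) {
  return '<ul class="chat">' + messages.map(renderMessageSafe).join('') + '</ul>';
}

// Regression check: true if the fragment contains any tag other than the
// ul/li elements that the template itself emits.
function containsForeignTags(html) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some((t) => !/^<\/?(ul|li)$/i.test(t));
}

// Constructed sample data: harmless markup standing in for visitor input.
const sampleTranscript = [
  { alias: 'visitor-1', text: 'Hello, I need help with my order' },
  { alias: 'x" class="injected', text: '<b>bold</b> & <i>italic</i>' },
];

console.log('unsafe:', renderMessageUnsafe(sampleTranscript[1]));
console.log('safe:  ', renderTranscript(sampleTranscript));
```

In a WordPress plugin that renders this view server-side, the equivalent output encoders are esc_html() for element content and esc_attr() for attribute values.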