WordPress Plugin Events Manager Extended - Persistent Cross-Site Scripting

EDB-ID:

14923

CVE:


EDB Verified:

Author:

Craw

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2010-09-06

Vulnerable App: 
# Author: Craw
# Email: craw@element7.eu             
# Software Link: http://wordpress.org/extend/plugins/events-manager-extended/
# Version: 3.1.2
# Category: webapplications
 
=======================================================
 
 
[+] ExploiT [1] : If you are allowed to leave a comment:
	
	Persistent XSS Vulnerability: You can inject Javascript Code in your comment.
	The Code will be displayed below the event.

	
[+] ExploiT [2] : If you are allowed to book an event:
   
   Persistent XSS Vulnerability: You can inject Javascript Code in [Name] ,  [Email] , [Phonenumber] , [Comment]
   The Code will be displayed in the Wordpress Backend -> http://www.site.com/wp-admin/admin.php?page=events-manager-people
   

=======================================================
Greetz @ LUXEMBOURG
=======================================================
Tags: WordPress Plugin
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services