| Title: Reflected XSS in wordpress plugin bestsmallshoplite |
| Author: Larry W. Cashdollar, @_larry0 |
| Date: 2016-02-09 |
| Download Site: https://wordpress.org/plugins/bestsmallshoplite |
| Downloads: 4468 |
| Vendor Notified: 2016-02-09 |
| Export: Json |
| Vendor Contact: plugins@wordpress.org |
| Plugin Name: bestsmallshoplite |
| Vulnerability: There is a reflected XSS vulnerability in the following php code ./bestsmallshoplite/checkout.php:
7:<strong><?php echo $_POST['first_name']; ?>, thank you for the information this means your order can now be processed.</strong>
9:<p>We have just sent you an e-mail to <?php echo $_POST['email']; ?> confirming your order. If you have any questions please contact us a quote your order reference <strong><?php echo substr($_SESSION['BSS'],0,10); ?>.</strong>
The variable first_name appears to send unsanitized data back to the users browser via POST request.
|
| CVE-ID: Not Released |
| File:./bestsmallshoplite/checkout.php |
| Exploit Code: Exploit was derived from appearance of first vulnerable parameter in code, there could be more shown above.
|