Title: Reflected XSS in WordPress plugin simple-slideshow-manager v2.1.1 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2016-02-09 |
Download Site: https://wordpress.org/plugins/simple-slideshow-manager |
Downloads: 65903 |
Vendor Notified: 2016-02-09 |
Vendor Contact: plugins@wordpress.org |
Plugin Name: simple-slideshow-manager |
Vulnerability: There is a reflected XSS vulnerability in the following PHP code in ./simple-slideshow-manager/acx_slideshow_managegallery.php:
746: <input type = "text" autocomplete="off" id = "rename" name = "rename" class="field" value="<?php echo $_GET['name']; ?>" onblur="if (this.value == '') {this.value = '<?php echo $_GET['name']; ?>';}" onfocus="if (this.value == '<?php echo $_GET['name']; ?>') {this.value = '';}" />
747: <input type = "hidden" id="old_name" name="old_name" value = "<?php echo $_GET['name']; ?>"/>
1057: <input type = "hidden" id="acx_gall_name" name="acx_gall_name" value = "<?php echo $_GET['name']; ?>"/>
The `name` variable appears to be sent back to the user's browser unsanitized.
|
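An added example, not code from the plugin or from this advisory: one way to encode the reflected `name` value for the two output contexts in the lines quoted above, the HTML attribute value and the JavaScript string inside `onblur`/`onfocus`. The helper names are hypothetical, and plain PHP functions stand in for WordPress's `esc_attr()` and `esc_js()` so the block runs outside WordPress.

```php
<?php
// Encode a value for use inside a quoted HTML attribute.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Encode a value as a JavaScript string literal that itself sits inside an
// HTML attribute (onblur/onfocus): JSON-encode first, then HTML-encode.
// json_encode() supplies the surrounding quotes of the JS literal.
function js_in_attr(string $value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_INVALID_UTF8_SUBSTITUTE;
    $js = json_encode($value, $flags);
    return attr($js === false ? '""' : $js);
}

// Hypothetical replacement for the markup on lines 746 and 747.
function render_rename_inputs(array $query): string
{
    // A missing or non-string parameter (e.g. name[]=x) is treated as empty.
    $name = isset($query['name']) && is_string($query['name'])
        ? $query['name']
        : '';
    $a = attr($name);       // HTML attribute context
    $j = js_in_attr($name); // JS string inside an event-handler attribute

    return '<input type="text" autocomplete="off" id="rename" name="rename"'
        . ' class="field" value="' . $a . '"'
        . ' onblur="if (this.value == \'\') {this.value = ' . $j . ';}"'
        . ' onfocus="if (this.value == ' . $j . ') {this.value = \'\';}" />'
        . "\n"
        . '<input type="hidden" id="old_name" name="old_name" value="'
        . $a . '"/>' . "\n";
}

// Constructed sample input containing the HTML and JS metacharacters that
// must not survive unencoded in either context.
$sample = ['name' => 'a"b\'c<d>&e'];
echo render_rename_inputs($sample);
```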
CVE-ID: Not Released |
File: ./simple-slideshow-manager/acx_slideshow_managegallery.php |
Exploit Code: The exploit was derived from the appearance of the first vulnerable parameter in the code; there could be more, as shown above.
|