Summary :
Pop-Up Blocker Pro latest version suffers from Stored Cross Site Scripting
Products Affected :
Version 1.3.5 Chrome Extension
Link :
https://chrome.google.com/webstore/detail/popup-blocker-pro/kiodaajmphnkcajieajajinghpejdjai?hl=en
Proof of Concept :
The file options/options.htm suffers from Stored XSS due to lack of output filter. Go to chrome-extension://kiodaajmphnkcajieajajinghpejdjai/options/options.htm
After that, in the Whitelisted Sites section, add the Payload <script>alert(1)</script> and press enter.
After that each time you visit the extension link, it would prompt a Stored XSS.
Credits:
Aaditya Purani