Popup Blocker Pro Chrome Extension Stored Cross Site Scripting

2017.01.24
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Summary: Pop-Up Blocker Pro latest version suffers from Stored Cross Site Scripting

Products Affected: Version 1.3.5

Chrome Extension Link: https://chrome.google.com/webstore/detail/popup-blocker-pro/kiodaajmphnkcajieajajinghpejdjai?hl=en

Proof of Concept:

The file options/options.htm suffers from Stored XSS due to lack of output filter.

Go to chrome-extension://kiodaajmphnkcajieajajinghpejdjai/options/options.htm

After that, in the Whitelisted Sites section, add the Payload <script>alert(1)</script> and press enter. After that each time you visit the extension link, it would prompt a Stored XSS.

Credits: Aaditya Purani
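The missing output filter for the Whitelisted Sites list, shown as an added example beside the unsafe pattern. This is not the extension's code, which the advisory does not show. It assumes the options page builds the list as an HTML string; all function names and the sample entries are hypothetical.

```javascript
// Added example: hypothetical helpers, not taken from Popup Blocker Pro.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Output filter: encode characters that are significant in HTML text
// and in quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation: accept only a hostname, optionally with a leading "*.".
// Returns the normalized hostname, or null when the entry is not a site.
function normalizeWhitelistEntry(raw) {
  const entry = String(raw).trim().toLowerCase();
  if (entry.length === 0 || entry.length > 253) return null;
  const label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
  const hostname = new RegExp(`^(?:\\*\\.)?${label}(?:\\.${label})+$`);
  return hostname.test(entry) ? entry : null;
}

// Unsafe pattern: stored entries are concatenated into markup as-is,
// so a stored <script> element becomes part of the page.
function renderWhitelistUnsafe(entries) {
  return '<ul>' + entries.map((e) => `<li>${e}</li>`).join('') + '</ul>';
}

// Hardened pattern: every stored value is encoded at output time, even if
// input validation exists, because storage may hold older unvalidated entries.
function renderWhitelistSafe(entries) {
  return '<ul>' + entries.map((e) => `<li>${escapeHtml(e)}</li>`).join('') + '</ul>';
}

// Constructed sample storage: one normal site and the advisory's payload.
const storedEntries = ['example.com', '<script>alert(1)</script>'];

console.log(renderWhitelistUnsafe(storedEntries));
console.log(renderWhitelistSafe(storedEntries));
console.log(storedEntries.map(normalizeWhitelistEntry));
```

When the list is built through the DOM instead of a string, assigning each entry to an element's textContent gives the same result as escapeHtml here.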


