header-logo
Suggest Exploit
vendor:
Schreikasten
by:
Henry Hoggard
4,3
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name: Schreikasten
Affected Version From: 0.14.13
Affected Version To: 0.14.13
Patch Exists: Yes
Related CWE: N/A
CPE: a:wordpress:schreikasten
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

WordPress Schreikasten 0.14.13 XSS

The WordPress Schreikasten 0.14.13 plugin is vulnerable to Cross-Site Scripting (XSS). An attacker can inject malicious JavaScript code into the name or content fields of a post, which will be reflected on the homepage. An example of malicious code is <script>alert('xss')</script>.

Mitigation:

The vendor has released an update to address this vulnerability. Users should update to the latest version of the plugin.
Source

Exploit-DB raw data:

# Title: WordPress Schreikasten 0.14.13 XSS
# Date: 5/6/12
# Author: Henry Hoggard
# Author URL: henryhoggard.co.uk
# Author Twitter: @henryhoggard
# http://wordpress.org/extend/plugins/schreikasten/

Post your XSS in either the name or content fields and the XSS will appear on the homepage.

Post your XSS as the poll title.

The XSS I used is
<script>alert('xss')</script>

#############################################################

Navigation

Suggest Exploit

Services By CQR