GigPress 2.1.10 wordpress plugin Stored XSS

vendor:

GigPress

by:

Saif El-Sherei

7.5

CVSS

HIGH

Stored XSS

CWE

Product Name: GigPress

Affected Version From: GigPress 2.1.10

Affected Version To: GigPress 2.1.10

Patch Exists: YES

Related CWE: N/A

CPE: 2.3:a:wordpress:gigpress:2.1.10

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: FireFox 3.6.13, IE 8

2011

GigPress 2.1.10 wordpress plugin Stored XSS

The user must have 'contributer' priv atleast or whatever role the admin decides would be suitable for event submission, failure to sanitize the 'Notes' field in the 'Add A Show' section under 'GigPress' Dashboard allows an attacker to inject malicious HTML code, attacking any user viewing the page where the malicious show is posted.

Mitigation:

Upgrade to latest plug-in version.

Source

Exploit-DB raw data:

# Exploit Title: GigPress 2.1.10 wordpress plugin Stored XSS
# Date: 21-2-2011
# Author: Saif El-Sherei
# Version: GigPress 2.1.10, WordPress 3.0.5
# Tested on: FireFox 3.6.13, IE 8
# Vendor Response: plugin Author released an update to fix this issue


Info:

GigPress is a powerful WordPress plugin designed for musicians and other
performers. Manage all of your upcoming and past performances right from
within the WordPress admin, and display them on your site using simple
shortcodes, PHP template tags, or the GigPress widget on your
WordPress-powered website.

Details:


The user must have "contributer" priv atleast or whatever role the admin
decides would be suitable for event submission, failure to sanitize the
"Notes" field in the "Add A Show" section under "GigPress" Dashboard allows
an attacker to inject malicious HTML code, attacking any user viewing the
page where the malicious show is posted.

POC:

<script>alert('w00t');</script>

Solution:

Upgrade to latest plug-in version