Pligg CMS version 2.0.2 suffers from a cross site scripting vulnerability.
f1df25d6bd296cf443cd0a2ec4f50554b65c1ab71679ebb6e90c7982ab54faa6Hi Team,
#Affected Vendor: http://pligg.com/
#Date: 23/04/2015
#Discovered by: Joel Vadodil Varghese
#Type of vulnerability: Persistent XSS
#Tested on: Windows 8.1
#Product: Pligg CMS
#Version: 2.0.2
#Tested Link: http://localhost/pligg/admin/admin_page.php
Description: Pligg CMS is a content management platform that powers tens of
thousands of websites. It specializes in creating social publishing
networks, where users submit and promote content similar to sites like
Digg, Reddit, and Mixx. Pligg CMS is vulnerable to stored xss
vulnerability. The parameter "page_title" and "page_content" are the
vulnerable parameter which will lead to its compromise.
#Proof of Concept (PoC): "><img src="a.jpg" onerror="alert('XSS')"/>
--
Regards,
*Joel V*
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed