.. | |||
README.md | Loading last commit info... |
README.md
FV Flowplayer Video Player <= 7.3.13.727 - Unauthenticated Stored XSS
Description
The vulnerable function is exposed to unauthenticated users over wp_ajax_nopriv_fv_wp_flowplayer_email_signup
ajax hook. It saves anything that user provides in email
POST parameter.
Proof of Concept
Send POST request to wp-admin/admin-ajax.php with body content:
"action=fv_wp_flowplayer_email_signup&list=1&email=<svg/onload=prompt(1)>@test.com"
The provided email input is then rendered on email export screen.