bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/20270.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

25 lines
No EOL
784 B
Text
Raw Blame History

# Exploit Title: WP Lead Management v3.0.0 Persistent XSS
# Date: 8/5/12
# Exploit Author: Chris Kellum
# Software Link: http://downloads.wordpress.org/plugin/wp-effective-lead-management.3.0.1.zip
# Version: 3.0.0
=====================
Vulnerability Details
=====================
The form does not properly sanitize input fields, allowing for XSS.
Example:
<script>alert('xss')</script>
XSS will fire when the admin views the lead management page if the javascript is included in the name, otherwise the javascript can be included in the "requirements" field and will fire when an admin "picks" the lead.
===================
Disclosure Timeline
===================
8/4/12 - Vulnerability discovered. No author contact information available. Public disclosure.
Reference in a new issue View git blame Copy permalink