cjc.im / advisories / 0007
Reflected XSS in vospari forms plugin
This vulnerability was discovered and reported by Carl Clegg (carl(at)cjc(dot)im)
- 2016-07-31: Vendor Notified
- 2016-08-01: Vendor fixed plugin with version 1.4
- 2016-11-21: Advisory Published
The plugin is designed to generate registration and authorization forms, which transmit data to the TradeSmarter trading platform. Forms are generated by a simple shortcode.
Risk / Severity Rating
Description and Impact
The a_aid GET parameter is echoed without escaping into an iframe src attribute on any page that has a form, which allows reflected XSS. The vulnerable line (412):
echo '<iframe src="'.$protocol.'://trading.vospari.com/ru?a_aid='.$_GET['a_aid'].'" style="display:none;" width="0" height="0"></iframe>';
Proof of Concept
alert(1) but could be used to run something more malicious
Upgrade to version 1.4
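For anyone reviewing similar code, the pattern from the vulnerable line in the description is shown here beside an escaped form. This is an added example, not the vendor's 1.4 fix or code from the plugin; the function names and the sample value are assumptions.

```php
<?php
// Added example (hypothetical function names), not the plugin's own code.

// Pattern from the advisory: the raw request value is concatenated
// straight into the src attribute, so a double quote ends the attribute.
function iframe_vulnerable(string $protocol, $aid): string {
    return '<iframe src="' . $protocol . '://trading.vospari.com/ru?a_aid=' . $aid
         . '" style="display:none;" width="0" height="0"></iframe>';
}

// Escaped form: encode for each context the value passes through.
function iframe_hardened(string $protocol, $aid): string {
    // A query parameter can arrive as an array (a_aid[]=...); treat that as empty.
    if (!is_string($aid)) {
        $aid = '';
    }
    // Allow-list the scheme instead of trusting whatever $protocol holds.
    $scheme = ($protocol === 'http') ? 'http' : 'https';
    // 1) Percent-encode the value for the URL query string.
    $url = $scheme . '://trading.vospari.com/ru?a_aid=' . rawurlencode($aid);
    // 2) HTML-escape the whole URL for the attribute context.
    $src = htmlspecialchars($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<iframe src="' . $src
         . '" style="display:none;" width="0" height="0"></iframe>';
}

// Constructed sample value standing in for $_GET['a_aid'].
$aid = 'x"><script>alert(1)</script>';

echo "vulnerable: ", iframe_vulnerable('https', $aid), "\n";
echo "hardened:   ", iframe_hardened('https', $aid), "\n";
```

In the hardened output the quote and angle brackets appear only as percent-encoded bytes inside the src value, so the markup keeps a single iframe element.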
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.