exploitdb | Halil Dalabasmaz | EDB-ID: 35218
History: Nov 12, 2014 - 12:00 a.m.

WordPress Plugin SupportEzzy Ticket System 1.2.5 - Persistent Cross-Site Scripting

2014-11-12 00:00:00
Halil Dalabasmaz
www.exploit-db.com

AI Score: 7.4
Confidence: Low
EPSS: 0.001
Percentile: 45.9%

# Exploit Title: SupportEzzy Ticket System - WordPress Plugin Stored XSS Vulnerability
# Date: 12-10-2014
# Exploit Author: Halil Dalabasmaz
# Version: v1.2.5
# Vendor Homepage: http://codecanyon.net/item/supportezzy-ticket-system-wordpress-plugin/8908617
# Software Test Link: http://demo.cssjockey.com/cjsupport/supportezzy/
# Tested on: Iceweasel and Chrome

# Vulnerabilities Description:

===Stored XSS===
Register and log in to the system, then submit a new ticket. The "URL (optional)"
input is not sanitized: whatever is entered there is stored and rendered back unescaped,
so XSS payloads execute. Use the sample payload below to test.

Sample Payload for Stored XSS: http://example.com"><script>alert(document.cookie);</script>

===Solution===
Validate the input fields and escape them on output to prevent XSS attacks.
===============
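The solution above is the whole fix in one sentence; the following is an added example (not the plugin's code, and not from the advisory author) of what it looks like for the ticket URL field. It is plain PHP so it runs stand-alone; in a WordPress plugin the equivalent WordPress helpers are `esc_url_raw()` on input and `esc_url()` / `esc_attr()` on output. The function names, the `<a>` markup and the three constructed inputs are assumptions for illustration; the second input is the advisory's sample payload.

```php
<?php
// Added example: validating and escaping a user-supplied ticket URL so that a
// value like the advisory's sample payload cannot break out of the href
// attribute. Names and markup are assumed, not taken from the plugin.

// Before (the pattern behind the advisory): the stored URL is concatenated
// straight into the attribute. A value containing "> closes the attribute and
// the tag, and any following <script> element is rendered by the browser.
function render_ticket_url_vulnerable(string $url): string {
    return '<a href="' . $url . '">' . $url . '</a>';
}

// Input validation: keep only absolute http(s) URLs made of characters that
// RFC 3986 allows. Rejected values are stored as an empty string.
function sanitize_ticket_url(string $url): string {
    $url = trim($url);
    if ($url === '') {
        return '';
    }
    // Quotes, angle brackets and whitespace are never valid in a URL, so they
    // are rejected outright rather than relying on the URL parser's leniency.
    if (preg_match('/[\s"\'<>]/', $url)) {
        return '';
    }
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return '';
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return ''; // blocks javascript:, data: and other non-web schemes
    }
    return $url;
}

// Output escaping: every character that is special in HTML text or attribute
// context is encoded. This is the defence that holds even if a bad value
// reaches the database by some other path (import, older rows, a second form).
function render_ticket_url_safe(string $url): string {
    $clean = sanitize_ticket_url($url);
    if ($clean === '') {
        return '<em>no URL supplied</em>';
    }
    $escaped = htmlspecialchars($clean, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<a href="' . $escaped . '" rel="nofollow noopener">' . $escaped . '</a>';
}

// Constructed inputs: a normal link, the advisory's sample payload, and a
// syntactically valid javascript: URL that is not a web link.
$inputs = [
    'https://example.com/page?id=1&x=2',
    'http://example.com"><script>alert(document.cookie);</script>',
    'javascript:alert(1)',
];

foreach ($inputs as $input) {
    echo "input:      $input\n";
    echo "vulnerable: " . render_ticket_url_vulnerable($input) . "\n";
    echo "hardened:   " . render_ticket_url_safe($input) . "\n\n";
}
```

Run it with `php example.php`. The first input renders the same way in both versions apart from the escaped `&amp;`; the payload and the `javascript:` URL are rejected by `sanitize_ticket_url()` and render as the placeholder, and even without the validation step `htmlspecialchars()` with `ENT_QUOTES` would have turned the payload's `">` into `&quot;&gt;`, which cannot terminate the attribute.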
