Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbEthicalhack3rWPVDB-ID:DC337770-BB13-4F88-99AA-C7FA2D58E0FC
HistorySep 14, 2015 - 12:00 a.m.

PowerPress Podcasting < 6.0.5 - Authenticated Cross-Site Scripting (XSS)

2015-09-1400:00:00
ethicalhack3r
wpscan.com
7

EPSS

0.001

Percentile

38.3%

JSON

By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged in user’s session by stealing cookies. This means that the malicious hacker can change the logged in user’s password and invalidate the session of the victim while the hacker maintains access.

PoC

1. Logon into any wordpress application (localhost or public host) 2. Modifying the value of tab variable in Blubrry PowerPress Version 6.0.4 3. Fill all the variables with ">alert(document.cookie);

Related

wpexploit 1
prion 1
nvd 1
cve 1
cvelist 1
wpexploit
wpexploit
PowerPress Podcasting < 6.0.5 - Authenticated Cross-Site Scripting (XSS)
2015-09-14 00:00:00
prion
prion
Design/Logic Flaw
2019-09-26 00:15:00
nvd
nvd
CVE-2015-9410
2019-09-26 00:15:10
cve
cve
CVE-2015-9410
2019-09-26 00:15:10
cvelist
cvelist
CVE-2015-9410
2019-09-25 23:04:20

EPSS

0.001

Percentile

38.3%

JSON
Related for WPVDB-ID:DC337770-BB13-4F88-99AA-C7FA2D58E0FC
wpexploit1prion1nvd1cve1cvelist1