# Title: Vanilla LatestComment 1.1 Plugin Persistant XSS Vulnerability # Date: 18/5/12 # Author: Henry Hoggard # Author URL: henryhoggard.co.uk # Author Twitter: @henryhoggard # Software: Vanilla Version 2.0.18.4 + Latest Comment 1.1 #http://vanillaforums.org/addon/latestcomment-plugin # http://vanillaforums.org ############################################################# Create a new thread with your XSS as the thread title, the XSS will appear on the index page of the forum. XSS: <script>alert('x')</script> ############################################################# http://henryhoggard.co.ukБрой прочитания на тази страница: 928
Vanilla Forums LatestComment 1.1 Plugin Persistent XSS