crea8social 1.3 - Stored XSS Vulnerability

2014-11-25 18:05:04

# Exploit Title: crea8social 1.3 Stored XSS Vulnerability
# Date: 24-10-2014
# Exploit Author: Halil Dalabasmaz
# Version: v1.3
# Vendor Homepage: http://codecanyon.net/item/crea8social-php-social-networking-platform-v13/9211270
# Tested on: Chrome & Iceweasel

# Vulnerability Description:

===Stored XSS===
Create a page from "Pages" (/pages) section. "Page Website" input is not secure. You can run XSS payloads on "Page Website" input.

Sample Payload for Stored XSS: http://example.com/">[xssPayload]

=Solution=
Filter the input field against to XSS attacks.
================

Fixes

No fixes

In order to submit a new fix you need to be registered.