WP Effective Lead Management Persistent XSS Exploit

Summary

WP Effective Lead Management v3.0.0 suffers from a persistent XSS vulnerability.

Credit:

The information has been provided by chap0.


Details

Vulnerable Systems:
 * WP Effective Lead Management v3.0.0

The form does not properly sanitize input fields, allowing for XSS.

Example:

<script>alert('xss')</script>

If the JavaScript is included in the name field, the XSS fires when the admin views the lead management page. Otherwise, the JavaScript can be included in the 'requirements' field, where it fires when an admin 'picks' the lead.
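
One way to close both sinks described above, shown as an added example that is not the plugin's code. The function names and the `$lead` array are hypothetical, and plain-PHP `htmlspecialchars()` stands in for WordPress's `esc_html()`.

```php
<?php
// Added example: hypothetical helpers, not taken from WP Effective Lead Management.

// Constructed sample lead, as it would sit in storage after the form accepted it unmodified.
$lead = [
    'name'         => "<script>alert('xss')</script>",
    'requirements' => "Need a quote <script>alert('xss')</script>",
];

// Vulnerable pattern: the stored value is concatenated into admin HTML as-is.
function render_row_unsafe(array $lead): string {
    return '<tr><td>' . $lead['name'] . '</td></tr>';
}

// Output encoding applied at every sink. In WordPress, esc_html() fills this role.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Lead list view: the sink reached by the name field.
function render_row_safe(array $lead): string {
    return '<tr><td>' . h($lead['name']) . '</td></tr>';
}

// "Pick" view: the sink reached by the requirements field.
function render_picked_safe(array $lead): string {
    return '<div class="lead"><h3>' . h($lead['name']) . '</h3><pre>'
         . h($lead['requirements']) . '</pre></div>';
}

// Input-side defence in depth: drop markup and control characters before storing.
// This does not replace output encoding, because old rows may already hold markup.
function clean_field(string $value): string {
    $value = strip_tags($value);
    $value = (string) preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $value);
    return trim($value);
}

// The unsafe row keeps the script element; the safe renderers emit it as inert text.
echo render_row_unsafe($lead), "\n";
echo render_row_safe($lead), "\n";
echo render_picked_safe($lead), "\n";
echo clean_field($lead['requirements']), "\n";
```

Encoding at render time matters more than the input filter here, since leads stored before a fix would still carry the markup.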

Disclosure Timeline:
8/4/12 – Vulnerability discovered. No author contact information available. Public disclosure.
