WordPress Web Dorado Spider Video Player XSS Vulnerability Network Vulnerability

Summary

This host is installed with WordPress Web Dorado Spider Video Player plugin and is prone to cross-site scripting vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a users browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to version 1.5.2 or later. For updates refer https://wordpress.org/plugins/player

Insight

Input passed via the 'TrackId', 'task', and 'id' GET parameters are not properly sanitized before returning it to users.

Affected

WordPress Web Dorado Spider Video Player version before 1.5.2

Detection

Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.

References

https://wordpress.org/plugins/player/changelog

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-8584

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

123 Flash Chat Multiple Security Vulnerabilities
12Planet Chat Server one2planet.infolet.InfoServlet XSS
Apache Struts Cross Site Scripting Vulnerability
Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability

Take action and discover your vulnerabilities