.. / CVE-2014-9094

Exploit for WordPress DZS-VideoGallery Plugin Cross-Site Scripting (CVE-2014-9094)

Description:

Multiple cross-site scripting vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.

Nuclei Template

View the template here CVE-2014-9094.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2014/CVE-2014-9094.yaml

References:

http://websecurity.com.ua/7152/
https://nvd.nist.gov/vuln/detail/CVE-2014-9094
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/d4n-sec/d4n-sec.github.io
http://seclists.org/fulldisclosure/2014/Jul/65

.. / CVE-2014-9094 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress DZS-VideoGallery Plugin Cross-Site Scripting (CVE-2014-9094)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2014-9094