Hello, I am Aaditya Purani, and i found a Stored XSS in Levo Slideshow 2.3 Version, by this you can enter malicious payload in Image Title and execute. Proof of Concept 1) Go to Levo Slideshow -> Manage Images 2) Add an Image, in Image Title Input, enter the Payload as follow t" onmouseover=alert(document.domain); a=' 3) Save it and Reload the Page and Game over. :) Video POC: https://www.youtube.com/watch?v=ESlZGPhqFnE Follow: https://twitter.com/aaditya_purani https://aadityapurani.com # Iranian Exploit DataBase = http://IeDb.Ir [2016-06-20]