###########################

# Levo Slideshow 2.3 Stored XSS WordPress Plugin Vulnerability

###########################

Hello,

I am Aaditya Purani, and I found a stored XSS in Levo Slideshow version 2.3. With it, you can enter a malicious payload in the Image Title field and have it execute.

Proof of Concept

1) Go to Levo Slideshow -> Manage Images

2) Add an image and, in the Image Title input, enter the payload as follows:

t" onmouseover=alert(document.domain); a='

3) Save it and reload the page, and game over. :)

Video POC: https://www.youtube.com/watch?v=ESlZGPhqFnE
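
The steps above depend on the stored Image Title being written into a quoted HTML attribute without encoding. The following is an added example, not the plugin's source or the author's code: the function names and the <img> markup are assumptions, and it shows that pattern beside the output-encoded form using WordPress's esc_attr().

```php
<?php
// Added example, not the plugin's code: function names and markup are
// hypothetical. The title string is the payload from the steps above.

// Stand-in so the file runs outside WordPress; inside WordPress the real
// esc_attr() is already defined and this branch is skipped.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

const TAG_OPEN  = '<img src="slide.jpg" title="';
const TAG_CLOSE = '">';

// Vulnerable pattern: the stored title is concatenated into a quoted attribute.
function render_unsafe(string $title): string {
    return TAG_OPEN . $title . TAG_CLOSE;
}

// Hardened pattern: encode at output time, so " and ' reach the browser as
// entities and cannot terminate the attribute.
function render_safe(string $title): string {
    return TAG_OPEN . esc_attr($title) . TAG_CLOSE;
}

// In a double-quoted attribute only a raw " ends the value, so a raw " between
// the template's own delimiters means the title has left its attribute.
function breaks_out(string $rendered): bool {
    $value = substr($rendered, strlen(TAG_OPEN), -strlen(TAG_CLOSE));
    return strpos($value, '"') !== false;
}

$stored_title = 't" onmouseover=alert(document.domain); a=\'';

foreach (['render_unsafe', 'render_safe'] as $render) {
    $html = $render($stored_title);
    printf("%-14s %s\n%-14s breaks out of title: %s\n",
        $render, $html, '', breaks_out($html) ? 'yes' : 'no');
}
```

The same breaks_out() check can be run over titles already stored in the database to find entries saved before output encoding was in place.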

Follow: https://twitter.com/aaditya_purani
https://aadityapurani.com

###########################

# Iranian Exploit DataBase = http://IeDb.Ir [2016-06-20]

###########################