Royal Slider <= 3.2.6 – Authenticated Cross-Site Scripting (XSS) | CVE 2015-9412

Description

The vulnerability exists due to insufficient sanitation of user-supplied data in "rstype" HTTP GET parameter when creating / editing a slider.

A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.

Proof of Concept

http://www.example.com/wp-admin/admin.php?page=new_royalslider&action=edit&rstype="><script>alert(String.fromCharCode(88,83,83))</script>

Affects Plugins

royal-slider

Fixed in 3.2.7

References

CVE

CVE-2015-9412

URL

http://dimsemenov.com/plugins/royal-slider/wordpress/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Submitter

Gerard Arall

Submitter website

https://github.com/arall

Verified

WPVDB ID

8b65602d-7b97-4c59-a76c-ffbf84b454ca

Timeline

Publicly Published

2015-09-12 (about 10 years ago)

Added

2015-09-13 (about 10 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2024-11-18

Title

Contact Form Plugin by Fluent Forms < 5.2.1 - Admin+ Stored XSS

Published

2025-04-04

Title

Ecwid Shopping Cart < 7.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-12-11

Title

Simple post listing <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Published

2025-04-01

Title

Piotnet Forms <= 1.0.30 - Authenticated (Editor+) Stored Cross-Site Scripting

Published

2024-12-17

Title

User Referral <= 8.0 - Reflected Cross-Site Scripting