Advisory by Netsparker.

Name: XSS Vulnerability in Blubrry PowerPress
Affected Software: Blubrry PowerPress
Affected Versions: 6.0 and possibly below
Vendor Homepage:
Vulnerability Type: Cross-site Scripting
Severity: Important
CVE-ID: CVE-2015-1385

Netsparker Advisory Reference: NS-15-001

Technical Details

Proof of Concept URLs for XSS in Blubrry PowerPress:


For more information on cross-site scripting vulnerabilities read the article Cross-site Scripting (XSS).

Advisory Timeline
22/01/2015 - First Contact
26/01/2015 - Vulnerability fixed
29/01/2015 - Advisory released

Download version 6.0.1, which includes a fix for this vulnerability.

Credits & Authors
These issues were discovered by Omar Kurt while testing Netsparker Web Application Security Scanner.