Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitMuhammad DaffaWPEX-ID:368828F9-FDD1-4A82-8658-20E0F4C4DA0C
HistoryJul 19, 2021 - 12:00 a.m.

Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)

2021-07-1900:00:00
Muhammad Daffa
314

0.001 Low

EPSS

Percentile

24.8%

JSON

The plugin does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue

Add or Edit a Characteristic (/wp-admin/admin.php?option=com_vikrentcar&task=carat)) with the following payload in the 'Text Next to Icon' field: <script>alert(/XSS/)</script>

Then view the Characteristics List to trigger the XSS

Related

cnvd 1
nvd 1
cve 1
cvelist 1
wpvulndb 1
prion 1
cnvd
cnvd
WordPress VikRentCar Car Rental Management System plugin cross-site scripting vulnerability
2021-08-18 00:00:00
nvd
nvd
CVE-2021-24519
2021-08-16 11:15:08
cve
cve
CVE-2021-24519
2021-08-16 11:15:08
cvelist
cvelist
CVE-2021-24519 Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
2021-08-16 10:48:25
wpvulndb
wpvulndb
Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
2021-07-19 00:00:00
prion
prion
Cross site scripting
2021-08-16 11:15:00

0.001 Low

EPSS

Percentile

24.8%

JSON
Related for WPEX-ID:368828F9-FDD1-4A82-8658-20E0F4C4DA0C
cnvd1nvd1cve1cvelist1wpvulndb1prion1