wpexploit | Charles Neill | WPEX-ID:3CB6636B-FFC5-4DD7-BCA6-62C1AB06E6C8
Jun 12, 2015 - 12:00 a.m.

Yoast SEO <= 2.1.1 - Authenticated Stored DOM XSS

EPSS: 0.003 Low, Percentile: 70.0%

The “snippet preview” functionality of the Yoast WordPress SEO plugin was susceptible to cross-site scripting in versions before 2.2.

Vulnerable URL:
/wp-admin/post-new.php?post_title=<img src=x onerror=alert(1)>

Vulnerable Code (wordpress-seo/js/wp-seo-metabox.js):
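function yst_clean(str) {
    if (str == '' || str == undefined)
        return '';

    try {
        // .html(str) parses str as HTML; an <img> with a failing src fires
        // onerror here, even though the <div> is never attached to the page.
        str = jQuery('<div/>').html(str).text();
        // Tag and shortcode stripping runs only after the parse above.
        str = str.replace(/<\/?[^>]+>/gi, '');
        str = str.replace(/\[(.+?)\](.+?\[\/\\1\])?/g, '');
    } catch (e) {
    }

    return str;
}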

Link: https://github.com/Yoast/wordpress-seo/blob/2.1.1/js/wp-seo-metabox.js#L1-13
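
A DOM-free version of the cleaning step above, paired with output escaping for the preview sink. This is an added example, not Yoast's code and not the fix shipped in 2.2; `ystCleanSafe`, `decodeEntities` and `escapeHtml` are hypothetical names, and the five-entry named-entity table is an assumption made to keep the example short.

```javascript
// Added example (not the plugin's code). Same cleaning steps as yst_clean,
// done on strings only: no DOM node is ever built from the input, so no
// element can start loading or fire an event handler during cleaning.

const NAMED = new Map([['amp', '&'], ['lt', '<'], ['gt', '>'], ['quot', '"'], ['apos', "'"]]);
const ESCAPES = new Map([['&', '&amp;'], ['<', '&lt;'], ['>', '&gt;'], ['"', '&quot;'], ["'", '&#39;']]);

// Decode numeric entities and a small named set; anything else stays as-is.
function decodeEntities(str) {
  return str.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, (match, body) => {
    if (body[0] !== '#') {
      return NAMED.has(body) ? NAMED.get(body) : match;
    }
    const hex = body[1].toLowerCase() === 'x';
    const code = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
    return code > 0 && code <= 0x10ffff ? String.fromCodePoint(code) : match;
  });
}

// Returns plain text. The result may still contain '<' (for example an
// unterminated tag), so it must never be written to the page as HTML.
function ystCleanSafe(str) {
  if (str === '' || str === undefined || str === null) return '';
  let out = decodeEntities(String(str));   // replaces .html(str).text()
  out = out.replace(/<\/?[^>]+>/g, '');    // strip tags
  out = out.replace(/\[[^\]]+\]/g, '');    // strip shortcode tags
  return out;
}

// For sinks that build an HTML string; with a DOM sink use textContent
// (or jQuery .text()) instead and skip this step.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (c) => ESCAPES.get(c));
}

// Constructed sample inputs, including the payload from the URL above.
const samples = [
  '<img src=x onerror=alert(1)>',
  '&lt;img src=x onerror=alert(1)&gt;',
  '<img src=x onerror=alert(1)',
  'My &amp; <b>bold</b> [gallery] title',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', JSON.stringify(escapeHtml(ystCleanSafe(s))));
}
```

The third sample shows why cleaning alone is not enough: an unterminated tag survives the tag regex, so the preview must still treat the value as text when rendering it.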
