wpexploit | Wpvulndb | WPEX-ID:6E01BC29-6E4F-421F-9144-845C8A18F79D
History: Aug 29, 2022 - 12:00 a.m.

Visual Composer Website Builder < 45.0.1 - Authenticated Stored XSS via Text Block


EPSS: 0.001 (percentile: 19.4%)

The plugin does not sanitise and escape its Text Block fields, which could allow users with access to the plugin’s editor to perform Cross-Site Scripting attacks.

Create a post using the plugin editor, add a Text Block and put the following payload in its content: <img src onerror=alert(/XSS/)>

The XSS will be triggered when editing the post again, as well as when viewing the post.
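
A defensive check for the issue described above, as an added example that is not part of the original advisory or the plugin's code: it parses stored Text Block markup and reports inline event handlers, script elements and javascript: URLs. The post IDs and sample blocks are constructed and the class and function names are hypothetical; it is a review heuristic for stored content, not a sanitiser.

```python
from html.parser import HTMLParser

# Constructed sample data: post ID -> stored Text Block markup (hypothetical IDs).
SAMPLE_BLOCKS = {
    101: "<p>Welcome to our <strong>site</strong>.</p>",
    102: "<img src onerror=alert(/XSS/)>",  # payload quoted in the advisory
    103: '<a href="JavaScript:void(0)">menu</a><img src="logo.png" alt="logo">',
}

URL_ATTRS = {"href", "src", "action", "formaction"}


class ScriptableMarkupFinder(HTMLParser):
    """Records markup that can execute script if rendered without escaping."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (tag, attribute or None, reason)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag == "script":
            self.findings.append((tag, None, "script element"))
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append((tag, name, "inline event handler"))
            elif name in URL_ATTRS and value:
                # Drop whitespace/control characters before comparing the scheme.
                scheme = "".join(c for c in value if c > " ").lower()
                if scheme.startswith("javascript:"):
                    self.findings.append((tag, name, "javascript: URL"))


def audit_blocks(blocks):
    """Return {post_id: findings} for every block that contains a finding."""
    report = {}
    for post_id, markup in blocks.items():
        finder = ScriptableMarkupFinder()
        finder.feed(markup)
        finder.close()
        if finder.findings:
            report[post_id] = finder.findings
    return report


if __name__ == "__main__":
    for post_id, findings in audit_blocks(SAMPLE_BLOCKS).items():
        print(post_id, findings)
```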
