wpexploit | Taurus Omar | WPEX-ID:A76B6D22-1E00-428A-8A04-12162BD0D992
History: May 10, 2023 - 12:00 a.m.

Seo By 10Web < 1.2.7 - Admin+ Stored XSS

2023-05-10 00:00:00
Taurus Omar
83
seo by 10web
sitemap section
stored xss
admin+
exploit
vulnerability

EPSS

0.002

Percentile

52.4%

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

1. Go to SEO by 10Web » Sitemap section.

2. Add a new URL to the page.

3. Add XSS payload: "><audio src=x onerror=confirm("XSS")>

4. Save to trigger the XSS.
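The root cause named in the description is a setting that is neither sanitised on save nor escaped on output. The following PHP is an added illustration of that defect beside its fix, written for this page; it is not the plugin's code, and the option name, function names and nonce action (`demo_sitemap_*`) are hypothetical. Only standard WordPress API functions (`update_option`, `get_option`, `esc_url_raw`, `esc_attr`, `sanitize_text_field`, `check_admin_referer`, `register_setting`) are used.

```php
<?php
// Added example, not code from the SEO by 10Web plugin. Option and
// function names prefixed demo_ are hypothetical.

// VULNERABLE pattern: the submitted value is stored as received and
// echoed back into an attribute without escaping. A stored value such
// as  "><audio src=x onerror=confirm("XSS")>  closes the value attribute
// and the markup runs for every administrator who opens the settings
// page. Because the value is stored, disallowing unfiltered_html
// (e.g. on multisite) does nothing here: the plugin never checked it.
function demo_sitemap_save_unsafe( $posted_url ) {
    update_option( 'demo_sitemap_extra_url', $posted_url ); // no sanitisation
}
function demo_sitemap_render_unsafe() {
    $url = get_option( 'demo_sitemap_extra_url', '' );
    echo '<input type="text" name="sitemap_url" value="' . $url . '">'; // no escaping
}

// HARDENED pattern: sanitise on input, escape on output, and require a
// capability plus a nonce so the form cannot be submitted on an admin's
// behalf. Returns true when the value was accepted and stored.
function demo_sitemap_save_safe( $posted_url ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        return false;
    }
    check_admin_referer( 'demo_sitemap_save' ); // dies on a missing/invalid nonce

    // esc_url_raw() strips characters that cannot appear in a URL
    // (quotes, angle brackets, whitespace) and rejects schemes that are
    // not in the allowed protocol list, so the payload above can no
    // longer carry markup into the database.
    $clean = esc_url_raw( wp_unslash( $posted_url ) );
    if ( '' === $clean ) {
        return false;
    }
    update_option( 'demo_sitemap_extra_url', $clean );
    return true;
}
function demo_sitemap_render_safe() {
    $url = get_option( 'demo_sitemap_extra_url', '' );
    // esc_attr() encodes quotes and angle brackets, so even a value that
    // reached the database unsanitised cannot terminate the attribute.
    printf(
        '<input type="text" name="sitemap_url" value="%s">',
        esc_attr( $url )
    );
}

// For settings saved through the Settings API, a sanitize_callback
// applies the same cleaning on every save path. Free-text settings
// (labels, titles) would use sanitize_text_field instead of esc_url_raw.
add_action( 'admin_init', function () {
    register_setting(
        'demo_sitemap_group',
        'demo_sitemap_extra_url',
        array( 'sanitize_callback' => 'esc_url_raw' )
    );
    register_setting(
        'demo_sitemap_group',
        'demo_sitemap_extra_label',
        array( 'sanitize_callback' => 'sanitize_text_field' )
    );
} );
```

The two halves of the fix are independent and both are needed: sanitising on input keeps bad data out of the option table, while escaping on output protects against values that arrived through another path (an import, a migration, or an older plugin version that did not sanitise).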

