wpexploit | Bob Matyas | WPEX-ID: C430B30D-61DB-45F5-8499-91B491503B9C
History: Apr 26, 2024 - 12:00 a.m.

Swift Framework < 2024.0.0 - Contributor+ Stored XSS via Shortcode

2024-04-26 00:00:00
Bob Matyas
27
swift framework stored xss shortcode update poc may 10 2024.

AI Score: 5.9 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.0%)

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page. This could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could in turn be used against high-privilege users such as admins.

1. As a Contributor, go to "Swift Slider > Add New Slide".
2. In "Content > Caption Text", add the PoC: `[spb_boxed_content element_name="red" title=""test" box_link="red"" box_link_target="self" el_class='red" onmouseover="alert(/XSScontrib5/)"' width='1/1' el_position="first last"]test content[/spb_boxed_content]`
3. When an admin approves the slide, the XSS payload executes in their browser.

Note: Other shortcodes throughout the plugin are vulnerable to the same issue.
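As an added illustration (this is not the Swift Framework plugin's own code), a hypothetical WordPress shortcode handler in the unescaped shape the description refers to, beside a version that validates and escapes each attribute for its output context. All `hypo_*` names are invented for the example; `shortcode_atts`, `esc_attr`, `esc_url`, `esc_html`, `sanitize_html_class`, `do_shortcode` and `add_shortcode` are standard WordPress functions.

```php
<?php
// Added illustrative example, NOT code from the Swift Framework plugin. The hypo_* names
// are invented. Contributor post content is filtered by KSES on save, but shortcode
// attributes are expanded at render time, so the handler itself must validate and
// escape every attribute it echoes.

function hypo_boxed_content_defaults() {
    return array(
        'title'           => '',
        'box_link'        => '',
        'box_link_target' => 'self',
        'el_class'        => '',
    );
}

// Weak form: attribute values are concatenated straight into HTML. A value such as
// red" onmouseover="..." closes the class attribute and supplies its own attribute,
// which is the pattern the advisory's PoC relies on.
function hypo_boxed_content_unsafe( $atts, $content = '' ) {
    $a = shortcode_atts( hypo_boxed_content_defaults(), $atts );
    return '<div class="spb_boxed_content ' . $a['el_class'] . '">'
        . '<a href="' . $a['box_link'] . '" target="_' . $a['box_link_target'] . '">'
        . $a['title'] . '</a>' . do_shortcode( $content ) . '</div>';
}

// Hardened form: each attribute is validated for its context and escaped on output.
function hypo_boxed_content_safe( $atts, $content = '' ) {
    $a = shortcode_atts( hypo_boxed_content_defaults(), $atts, 'hypo_boxed_content' );

    // Class list: keep only valid class tokens; quotes, spaces and '=' are removed.
    $tokens  = array_map( 'sanitize_html_class', preg_split( '/\s+/', $a['el_class'] ) );
    $classes = implode( ' ', array_filter( $tokens ) );

    // Link target: allow-list the values the markup actually supports.
    $target = in_array( $a['box_link_target'], array( 'self', 'blank' ), true )
        ? $a['box_link_target'] : 'self';

    // esc_url() rejects disallowed URL schemes; esc_attr()/esc_html() encode quotes and
    // angle brackets so neither the attribute nor the text context can be broken out of.
    return '<div class="spb_boxed_content ' . esc_attr( $classes ) . '">'
        . '<a href="' . esc_url( $a['box_link'] ) . '" target="_' . esc_attr( $target ) . '">'
        . esc_html( $a['title'] ) . '</a>' . do_shortcode( $content ) . '</div>';
}
add_shortcode( 'hypo_boxed_content', 'hypo_boxed_content_safe' );
```

With the hardened handler, the `el_class` value from the PoC collapses to the tokens `red` and `onmouseoveralert` inside the class attribute, and no event handler attribute is emitted.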
