Lucene search
Lana CodesWPVDB-ID:545C9E2F-BACD-4F30-AE01-DE1583E26D32HistoryFeb 20, 2023 - 12:00 a.m.
Companion Sitemap Generator <= 4.5.2 - Contributor+ Stored XSS
2023-02-2000:00:00
Lana Codes
wpscan.com
7
companion sitemap generator
stored xss
contributor role
0.001 Low
EPSS
Percentile
23.3%
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
PoC
[html-sitemap columns=‘1" onmouseover=“alert(/XSS/)”’]
| CPE | Name | Operator | Version |
|---|---|---|---|
| companion-sitemap-generator | eq | * |
Related
cvelist
cvelist
cve
cve
CVE-2023-0066
2023-03-13 17:15:12
nvd
nvd
CVE-2023-0066
2023-03-13 17:15:12
prion
prion
Cross site scripting
2023-03-13 17:15:00
wpexploit
wpexploit
Companion Sitemap Generator <= 4.5.2 - Contributor+ Stored XSS
2023-02-20 00:00:00
wordfence
wordfence