wpvulndb (wpscan.com) | WPVDB-ID: B968B9A1-67F3-4BEF-A3D3-6E8942BB6570
Author: ABISHEIK M
Published: Jul 19, 2021

PhoneTrack Meu Site Manager <= 0.1 - Authenticated Stored XSS

Tags: phonetrack meu site manager, plugin, authenticated, stored, xss, vulnerability, cross-site scripting, attribute, page, settings, php_id, poc, payload, sanitise, escape, output

EPSS: 0.001 (percentile 24.8%)

The plugin does not sanitise its "php_id" setting on save, nor escape it when it writes the value back into an HTML attribute on its settings page, leading to a stored Cross-Site Scripting issue. The settings page lives under options-general.php, so saving the payload requires an account allowed to change the plugin's settings; once stored, the payload is rendered for every user who loads that page.

PoC

Put the following payload in the “php_id” field in the plugin’s settings (/wp-admin/options-general.php?page=phtmanager): ">
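The bug class the advisory describes, shown as an added example rather than the plugin's own code: a stored setting concatenated raw into a value="..." attribute, beside the output-side escape and input-side sanitisation a WordPress plugin should apply. Only the field name "php_id" and the settings page come from the advisory; the option group name, function names, markup and the constructed payload are assumptions made for illustration.

```php
<?php
// Added example, not the PhoneTrack Meu Site Manager plugin's own code.
// It reproduces the bug class described in the advisory (a setting echoed
// raw into an HTML attribute) and the two fixes a WordPress plugin should
// apply. Only the field name "php_id" and the settings page come from the
// advisory; option keys, function names and markup are assumptions.

// Constructed input with the same breakout shape as the advisory's PoC:
// the leading "> terminates the value="..." attribute and the <input> tag,
// and arbitrary markup follows.
const CONSTRUCTED_PAYLOAD = '"><img src=x onerror=alert(document.domain)>';

// Vulnerable pattern: the stored option is concatenated straight into the
// attribute, so every " in it is interpreted by the browser as markup.
function render_php_id_vulnerable(string $php_id): string
{
    return '<input type="text" name="php_id" value="' . $php_id . '">';
}

// Output-side fix: encode for the attribute context. In WordPress this is
// esc_attr(); htmlspecialchars() with ENT_QUOTES is the plain-PHP
// equivalent used here so the file runs without WordPress loaded.
function render_php_id_hardened(string $php_id): string
{
    $safe = htmlspecialchars($php_id, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="php_id" value="' . $safe . '">';
}

// Input-side fix: normalise the value before it is stored. In WordPress
// this belongs in register_setting()'s 'sanitize_callback', e.g.
//   register_setting('phtmanager_group', 'php_id',
//       ['sanitize_callback' => 'sanitize_text_field']);
// (group name assumed). strip_tags() plus control-character removal
// approximates sanitize_text_field() for this demonstration.
function sanitize_php_id(string $raw): string
{
    $clean = strip_tags($raw);
    $clean = preg_replace('/[\x00-\x1F\x7F]/', '', $clean);
    return trim($clean);
}

// Check used below: a correctly rendered field contains exactly one tag,
// so a second "<" means the stored value broke out of the attribute.
function breaks_out_of_attribute(string $html): bool
{
    return substr_count($html, '<') > 1;
}

foreach ([
    'vulnerable'          => render_php_id_vulnerable(CONSTRUCTED_PAYLOAD),
    'escaped on output'   => render_php_id_hardened(CONSTRUCTED_PAYLOAD),
    'sanitised + escaped' => render_php_id_hardened(sanitize_php_id(CONSTRUCTED_PAYLOAD)),
] as $label => $html) {
    printf("%-20s breakout=%s  %s\n", $label,
        breaks_out_of_attribute($html) ? 'yes' : 'no', $html);
}
```

Run it with the PHP CLI (php example.php); only the vulnerable line reports breakout=yes. The two fixes are independent and both belong in a plugin: escaping at the point of output is what actually prevents the injection in this attribute context, while sanitising on save limits what gets stored in the first place. Note that esc_attr() is specific to attribute values; a value written into element text, a URL or a script block needs the escaper for that context instead.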

