Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitAkash Rajendra PatilWPEX-ID:213D7C08-A37C-49D0-A072-24DB711DA5EC
HistoryOct 25, 2021 - 12:00 a.m.

Ninja Tables < 4.1.8 - Admin+ Stored Cross-Site Cross-Site Scripting

2021-10-2500:00:00
Akash Rajendra Patil
56
ninja tables
version 4.1.8
admin+
stored cross-site scripting
table design
table row
exploit

EPSS

0.001

Percentile

36.0%

JSON

The plugin does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Create a table, add a column with the following payload "><img src=x onerror=confirm(/XSS-column/)> as Name, then add data with the following payload "><img src=x onerror=confirm(/XSS-data/)>

The XSS will be triggered in the Table Design and Table Row tabs

Related

prion 1
cve 1
cvelist 1
patchstack 1
nvd 1
wpvulndb 1
cnvd 1
prion
prion
Cross site scripting
2022-02-01 13:15:00
cve
cve
CVE-2021-24900
2022-02-01 13:15:08
cvelist
cvelist
CVE-2021-24900 Ninja Tables < 4.1.8 - Admin+ Stored Cross-Site Cross-Site Scripting
2022-02-01 12:21:28
patchstack
patchstack
WordPress Ninja Tables plugin <= 4.1.7 - Stored Cross-Site Cross-Site Scripting (XSS) vulnerability
2021-10-25 00:00:00
nvd
nvd
CVE-2021-24900
2022-02-01 13:15:08
wpvulndb
wpvulndb
Ninja Tables < 4.1.8 - Admin+ Stored Cross-Site Cross-Site Scripting
2021-10-25 00:00:00
cnvd
cnvd
WordPress Ninja Tables plugin cross-site scripting vulnerability
2022-02-10 00:00:00

EPSS

0.001

Percentile

36.0%

JSON
Related for WPEX-ID:213D7C08-A37C-49D0-A072-24DB711DA5EC
prion1cve1cvelist1patchstack1nvd1wpvulndb1cnvd1