Lucene search
Fayçal CHENAWPEX-ID:2CE2A387-ACC8-482A-9452-A4D9ACB187FDHistoryJul 11, 2022 - 12:00 a.m.
Event Timeline <= 1.1.6 - Admin+ Stored Cross-Site Scripting
2022-07-1100:00:00
Fayçal CHENA
133
admin+ cross-site scripting
stored
event timeline
payload
update trigger
EPSS
0.001
Percentile
24.8%
The plugin does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Create/edit a Timeline, put the following payload in the "Text" field at the bottom: <script>alert(/XSS/)</script>
Click save (below the Text field, not the button on top of the page), then click Update
The XSS will be triggered in post/page where the Timeline is embedRelated
cve
cve
CVE-2022-1324
2022-08-01 13:15:09
wpvulndb
wpvulndb
Event Timeline <= 1.1.6 - Admin+ Stored Cross-Site Scripting
2022-07-11 00:00:00
patchstack
patchstack
cvelist
cvelist
CVE-2022-1324 Event Timeline <= 1.1.5 - Admin+ Stored Cross-Site Scripting
2022-08-01 12:47:32
nvd
nvd
CVE-2022-1324
2022-08-01 13:15:09
prion
prion
Cross site scripting
2022-08-01 13:15:00