Lucene search

K
wpexploitShivam RaiWPEX-ID:30635CC9-4415-48BB-9C67-EA670EA1B942
HistorySep 20, 2021 - 12:00 a.m.

LearnPress < 4.1.3.1 - Multiple Admin+ Stored Cross-Site Scripting

2021-09-2000:00:00
Shivam Rai
247

0.001 Low

EPSS

Percentile

24.8%

The plugin does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltred_html capability is disallowed

When adding new courses, the following fields can have XSS payloads like "><script>alert(1)</script> injected into them: 
- Course Settings > General > External Link field 
- Course Settings > Extra Information > Requirements field
- Course Settings > Extra Information > Target Audience field
- Course Settings > Extra Information > Key Features field
- Course Settings > Extra Information > FAQ Title field

0.001 Low

EPSS

Percentile

24.8%

Related for WPEX-ID:30635CC9-4415-48BB-9C67-EA670EA1B942