Booking.com Banner Creator < 1.4.3 - Admin+ Stored Cross-Site Scripting

05 Oct 2021 00:00:00 | Reported by Asif Nawaz Minhas | Type: wpexploit

Booking.com Banner Creator admin XSS vulnerability

* Open the plugin's add new banner page (B.com Banner -> Add New Banner)
* The form field named "Banner Copy" is vulnerable to XSS payloads like:
 <--`<img/src=` onerror=alert(document.cookie)``> --!>
* Update or Publish the page, and you will be provided a shortcode similar to [bdotcom_bm bannerid="123"]
* You will then need to create a page that includes the Banner's shortcode above.
* Visiting the page with the banner's shortcode will trigger the XSS payload to execute.
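
For sites that cannot move to 1.4.3 or later right away, the following must-use plugin is an added example (not code from the plugin or from this advisory) that passes the output of the `[bdotcom_bm]` shortcode through WordPress's `wp_kses_post()` allow-list and logs whenever the markup was changed. It assumes banners need only the HTML that WordPress permits in post content; the function name is hypothetical.

```php
<?php
/**
 * Added example: allow-list filter for [bdotcom_bm] shortcode output.
 * Place in wp-content/mu-plugins/ so it loads before regular plugins.
 *
 * Assumption: banner markup needs only the tags and attributes that
 * WordPress allows in post content.
 */

add_filter( 'do_shortcode_tag', 'example_filter_bdotcom_banner', 10, 3 );

/**
 * Hypothetical callback name. The shortcode tag and the bannerid
 * attribute are the ones shown in the steps above.
 */
function example_filter_bdotcom_banner( $output, $tag, $attr ) {
	if ( 'bdotcom_bm' !== $tag || ! is_string( $output ) ) {
		return $output; // Leave every other shortcode untouched.
	}

	// wp_kses_post() drops <script>, event-handler attributes such as
	// onerror, and URL schemes that are not on the allowed list.
	$clean = wp_kses_post( $output );

	if ( $clean !== $output ) {
		// A difference can also come from harmless normalisation, so
		// treat the log line as a prompt to review the stored banner.
		$banner_id = ( is_array( $attr ) && isset( $attr['bannerid'] ) )
			? (int) $attr['bannerid']
			: 0;
		error_log( sprintf(
			'bdotcom_bm: banner %d markup changed by allow-list filter (post %d)',
			$banner_id,
			(int) get_the_ID()
		) );
	}

	return $clean;
}
```

The filter only covers front-end rendering through the shortcode; stored banner copy that triggers the log line should still be reviewed and cleaned in the admin.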

Vulners AI Score: 0.6 (Low risk)
EPSS: 0.001