Lucene search
Maurice FielenbachWPEX-ID:38D99C7D-2D10-4910-B95A-1CB545B813C4HistoryApr 12, 2023 - 12:00 a.m.
WP Inventory Manager < 2.1.0.12 - Reflected XSS
2023-04-1200:00:00
Maurice Fielenbach
47
inventory manager
reflected xss
shortcode
payload
exploit
0.001 Low
EPSS
Percentile
31.0%
The plugin does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators.
On a page where the [wpinventory] shortcode is embed, append the following payload: message=<script>alert(/XSS/)</script>
For example: https://example.com/inventory?message=<script>alert(/XSS/)</script>Related
cve
cve
CVE-2023-1806
2023-05-08 14:15:13
wpvulndb
wpvulndb
WP Inventory Manager < 2.1.0.12 - Reflected XSS
2023-04-12 00:00:00
nvd
nvd
CVE-2023-1806
2023-05-08 14:15:13
prion
prion
Cross site scripting
2023-05-08 14:15:00
cvelist
cvelist
CVE-2023-1806 WP Inventory Manager < 2.1.0.12 - Reflected XSS
2023-05-08 13:58:13
wordfence
wordfence