Source: wpexploit (WPScan), author zhangyunpei
WPEX-ID: 684941AD-541F-43F9-A7EF-D26C0F4E6E21
Published: Nov 02, 2022 - 12:00 a.m.

Font Awesome 4 Menus <= 4.7.0 - Admin+ Stored XSS

Author: zhangyunpei
Tags: font awesome 4 menus, admin, stored xss, exploit, settings page

EPSS: 0.0004 (Low), percentile 14.1%

The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

Put the following payload in the "A custom location" setting of the plugin: 123" onmouseenter=alert(/XSS/) "

The XSS will be triggered when accessing the settings page again and moving the mouse over the input box.
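The root cause described above is output without escaping: the stored option is interpolated straight into an HTML attribute, so the double quote in the payload closes the value attribute and onmouseenter becomes a live event handler. The following PHP script is an added example, not code from the Font Awesome 4 Menus plugin or from the advisory author; it renders the advisory's proof-of-concept value once with the vulnerable pattern and once through esc_attr(), and the option name fa4_custom_location is an assumed placeholder. The esc_attr() fallback is a stand-in so the script runs outside WordPress; inside a plugin the real WordPress function is used.

```php
<?php
// Added example (not the plugin's code): why escaping a stored setting on
// output with esc_attr() neutralises the stored XSS described in the advisory.

// Stand-alone stand-in for WordPress's esc_attr(), which also encodes quotes.
// Inside WordPress this fallback is never defined because the real one exists.
if (!function_exists('esc_attr')) {
    function esc_attr(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    }
}

// Value taken from the advisory's proof of concept, as it would sit in the option.
$custom_location = '123" onmouseenter=alert(/XSS/) "';

// Vulnerable pattern: the option is written into the attribute unescaped, so the
// quote terminates value="..." and onmouseenter is parsed as its own attribute.
// (fa4_custom_location is an assumed field name, not the plugin's real one.)
function render_unescaped(string $value): string {
    return '<input type="text" name="fa4_custom_location" value="' . $value . '" />';
}

// Hardened pattern: every attribute value passes through esc_attr() on output,
// so the quotes become &quot; and the whole string stays inside the attribute.
function render_escaped(string $value): string {
    return '<input type="text" name="fa4_custom_location" value="' . esc_attr($value) . '" />';
}

echo "Vulnerable: " . render_unescaped($custom_location) . "\n";
echo "Hardened:   " . render_escaped($custom_location) . "\n";
```

Escaping on output is the fix that matters for this class of bug; additionally running the value through sanitize_text_field() as the sanitize_callback of register_setting() when the option is saved keeps the stored data clean, but it does not replace escaping at the point where the value is printed back into the settings form.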

