wpexploit | Andreas Damen | WPEX-ID: 6D50D3CC-7563-42C4-977B-F834FEE711DA
History: Jul 10, 2023 - 12:00 a.m.

Forminator < 1.24.4 - Reflected XSS

Published: 2023-07-10 00:00:00
Author: Andreas Damen
Tags: forminator, reflected xss, contact us, preset, settings, shortcode, preview, parameter, url, exploit, attack

EPSS: 0.001 (Low)
Percentile: 21.2%

The plugin does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks.

1. Create a "Contact Us" form from the plugin presets
2. Click on the Message field, go to the "Settings" tab, choose a name for the parameter you will use to pre-populate that field later, and enter that name in the "query parameter" textbox.
3. Save the form, add the resulting shortcode to a post, and preview it.
4. Once on the previewed post, add the parameter you set in Step 2 to the post's URL. Have it contain the following value:

```
<img src=x <script>onerror=alert(window.domain);//>
```

The resulting URL should look similar to the following (the parameter name I chose at step 2 is "blah"):

https://example.com/?p=145&preview=true&blah=%3Cimg%20src=x%20%3Cscript%3Eonerror=alert(window.domain);//%3E

5. Click on the textarea containing the seemingly encoded IMG tag, and press backspace once. This should launch the alert box.
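The advisory does not show where the plugin's escaping fails, so as an added illustration (not Forminator's code) here is the general pattern behind this bug class: a form field pre-populated from a query parameter, rendered once without escaping and once with context-aware escaping. The `escape_attr()`/`escape_textarea()` helpers are hypothetical stand-ins for the WordPress functions `esc_attr()`/`esc_textarea()` so the file runs on plain PHP.

```php
<?php
// Added illustration, not Forminator's code: a form field pre-populated from a
// query parameter, rendered first without escaping and then with context-aware
// escaping. escape_attr()/escape_textarea() are hypothetical stand-ins for the
// WordPress helpers esc_attr()/esc_textarea() so this runs on plain PHP.

function escape_attr(string $value): string
{
    // Attribute context: quotes must be neutralised so the value cannot close
    // the value="..." attribute and introduce an event-handler attribute.
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function escape_textarea(string $value): string
{
    // Textarea context: '<' must be neutralised so the value cannot emit
    // </textarea> and continue with live markup after it.
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern: whatever arrives in the URL is reflected into the markup.
function render_fields_unsafe(array $query): string
{
    $prefill = $query['blah'] ?? '';
    return '<input type="text" name="subject" value="' . $prefill . '">' . "\n"
         . '<textarea name="message">' . $prefill . '</textarea>';
}

// Hardened pattern: each reflection is escaped for the context it lands in.
function render_fields_safe(array $query): string
{
    $prefill = $query['blah'] ?? '';
    return '<input type="text" name="subject" value="' . escape_attr($prefill) . '">' . "\n"
         . '<textarea name="message">' . escape_textarea($prefill) . '</textarea>';
}

// Constructed request: the URL-decoded parameter value from the steps above.
$query = ['blah' => '<img src=x <script>onerror=alert(window.domain);//>'];

echo "Unsafe:\n", render_fields_unsafe($query), "\n\n";
echo "Safe:\n", render_fields_safe($query), "\n";
```

In the escaped output every `<`, `>`, `"` and `'` from the parameter arrives as an entity, so the browser shows the text in the field instead of parsing it as markup.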
