----[]- Persistent XSS on any property page: -[]----

Vulnerable input fields:
1 - Description & Price -> 'PRICE POSTFIX TEXT' and 'SECOND PRICE POSTFIX TEXT';
2 - Additional Information -> 'TITLE' and 'VALUE';
3 - Location & Map -> 'ADDRESS *'.

Payload Sample: <img src=x onerror=(alert)(document.cookie)>

----[]- Persistent XSS on user profile page: -[]----

Vulnerable input fields:
Profile Information -> 'OFFICE NUMBER', 'MOBILE NUMBER' and 'FAX NUMBER'.

Payload Sample: "><script>alert('XSS');</script>

Edit (WPScanTeam): The persistent XSS has been fixed for newly submitted data, but existing payloads in the profile page will still be triggered.
{"id": "WPEX-ID:726EA7EA-37F8-4DB8-8DAF-CCCF70332634", "type": "wpexploit", "bulletinFamily": "exploit", "title": "Reality < 2.4.0 - Multiple Persistent XSS", "description": "\\----[]- Persistent XSS on any property page: -[]---- Vulnerable input fields: 1 - Description & Price -> 'PRICE POSTFIX TEXT' and 'SECOND PRICE POSTFIX TEXT'; 2 - Additional Information -> 'TITLE' and 'VALUE'; 3 - Location & Map -> 'ADDRESS *'. Payload Sample:  \\----[]- Persistent XSS on user profile page: -[]---- Vulnerable input fields: Profile Information -> 'OFFICE NUMBER', 'MOBILE NUMBER' and 'FAX NUMBER'. Payload Sample: \"> Edit (WPScanTeam): The persistent XSS has been fixed for new submitted data, but existing payloads in the profile page will still be triggered.\n", "published": "2019-09-08T00:00:00", "modified": "2021-01-19T20:34:16", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "subversa", "references": ["https://themeforest.net/item/reality-real-estate-wordpress-theme/21627776"], "cvelist": [], "lastseen": "2021-02-16T04:39:59", "viewCount": 3, "enchantments": {"dependencies": {}, "score": {"value": -0.6, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.6}, "sourceData": "----[]- Persistent XSS on any property page: -[]----\r\nYou need a new user account, then edit any existed property or create a new one.\r\n\r\nVulnerable input fields:\r\n1 - Description & Price -> \u00abPRICE POSTFIX TEXT\u00bb and \u00abSECOND PRICE POSTFIX TEXT\u00bb;\r\n2 - Additional Information -> \u00abTITLE\u00bb and \u00abVALUE\u00bb;\r\n3 - Location & Map -> \u00abADDRESS *\u00bb.\r\n\r\nPayload Sample: <img src=x onerror=(alert)(document.cookie)>\r\n\r\n\r\n----[]- Persistent XSS on user profile page: -[]----\r\nhttp://reality.inwavethemes.com/dashboard/?tab=my-profile\r\n\r\nVulnerable input fields:\r\nProfile Information -> \u00abOFFICE NUMBER\u00bb, \u00abMOBILE NUMBER\u00bb and \u00abFAX NUMBER\u00bb.\r\n\r\nPayload Sample: 
\"><script>alert('XSS');</script>\r\n\r\nLive example: http://reality.inwavethemes.com/author/asdasd/", "generation": 1, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1646044776, "score": 1659843777, "epss": 1679062491}, "_internal": {"score_hash": "ae1505c65a1ef6558055ceb65538ca88"}}