wpexploit
ZhongFu Su(JrXnm) of Wuhan University
WPEX-ID:820C51D6-186E-4D63-B4A7-BD0A59C02CC8
May 30, 2022 - 12:00 a.m.

Google XML Sitemaps < 4.1.3 - Admin+ Stored Cross-Site Scripting

EPSS: 0.001 Low (Percentile: 25.0%)

The plugin does not sanitise and escape a setting before outputting it on the Debug page, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

Put the following payload in the "Try to increase the memory limit to" setting of the plugin: <script>alert(/XSS/)</script>

The XSS will be triggered when accessing the Debug Function, e.g.: https://example.com/wp-admin/options-general.php?page=google-sitemap-generator%2Fsitemap.php&sm_rebuild=true&sm_do_debug=true&_wpnonce=3e59e7544a
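
The two missing controls described above (validation when the setting is saved, escaping when it is printed), as an added PHP example that is not the plugin's own code. The function names are hypothetical, and htmlspecialchars() stands in for WordPress's esc_html() so the script runs without WordPress.

```php
<?php
// Added example: hypothetical names, not the plugin's source code.

// Validate on save: a PHP memory limit is an integer with an optional K/M/G
// suffix (or -1 for unlimited). Anything else is rejected, so markup never
// reaches the options table.
function sanitize_memory_limit(string $raw): string
{
    $value = strtoupper(trim($raw));
    if ($value === '-1' || preg_match('/^[1-9][0-9]{0,9}[KMG]?$/D', $value) === 1) {
        return $value;
    }
    return ''; // empty means "do not change the limit"
}

// Escape on output: even a value that was stored before validation existed
// is rendered as text. In WordPress code esc_html() plays this role.
function render_debug_line(string $stored): string
{
    return '<li>Memory limit setting: '
        . htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</li>';
}

// Constructed sample inputs, including the payload quoted in the advisory.
$samples = ['128M', ' 256m ', '-1', '<script>alert(/XSS/)</script>', '64M"><b>'];
foreach ($samples as $raw) {
    $clean = sanitize_memory_limit($raw);
    printf("%-34s saved as %s\n", var_export($raw, true), var_export($clean, true));
}

// Legacy row written before the save-time check: output escaping still holds.
echo render_debug_line('<script>alert(/XSS/)</script>'), "\n";
```

Both layers are needed: the save-time check protects new writes, while output escaping covers values already stored in the database before an upgrade.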
