Lucene search
Lana CodesWPEX-ID:91C00B17-00BA-4C3F-8587-D54449A02659HistoryJan 17, 2023 - 12:00 a.m.
Rich Table of Contents < 1.3.9 - Contributor+ Stored XSS
2023-01-1700:00:00
Lana Codes
170
rich
table of contents
contributor
stored
xss
vulnerability
EPSS
0.001
Percentile
25.5%
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Note: The shortcode generates the content based on the h2 tags, so the heading tags must also be specified. Please use the Classic editor ยป text area to paste the content:
<h2>title</h2>
[rtoc_mokuji frame_design='" onmouseover="alert(1)"' list_h2_type='round' heading='h2']Related
prion
prion
Cross site scripting
2023-02-13 15:15:00
nvd
nvd
CVE-2022-4551
2023-02-13 15:15:17
cve
cve
CVE-2022-4551
2023-02-13 15:15:17
wpvulndb
wpvulndb
Rich Table of Contents < 1.3.9 - Contributor+ Stored XSS
2023-01-17 00:00:00
cvelist
cvelist
CVE-2022-4551 Rich Table of Contents < 1.3.9 - Contributor+ Stored XSS
2023-02-13 14:32:08