Lucene search
Nikhil KapoorWPEX-ID:9FE7E9D5-7BDF-4ADE-9A3C-B4AF863FA4E8HistoryJun 20, 2022 - 12:00 a.m.
Bold Page Builder < 4.3.3 - Admin+ Stored Cross-Site Scripting
2022-06-2000:00:00
Nikhil Kapoor
77
bold page builder
admin+
cross-site scripting
stored
javascript payload
database
EPSS
0.001
Percentile
24.8%
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
1. Navigate to Settings -> Bold Builder -> Bold Builder Settings and enter "</textarea><script>alert('XSS')</script>" into the "Color Schemes" input field.
2. Click Save Changes.
3. You will observe that the payload successfully got stored into the database and when you are triggering the same functionality at that time JavaScript payload is executing successfully and we are getting a pop-up.Related
prion
prion
Cross site scripting
2022-07-11 13:15:00
cnvd
cnvd
WordPress Bold Page Builder pluginθ·¨η«θζ¬ζΌζ΄
2022-07-13 00:00:00
openvas
openvas
WordPress Bold Page Builder Plugin < 4.3.3 XSS Vulnerability
2024-01-04 00:00:00
patchstack
patchstack
nvd
nvd
CVE-2022-2089
2022-07-11 13:15:09
wpvulndb
wpvulndb
Bold Page Builder < 4.3.3 - Admin+ Stored Cross-Site Scripting
2022-06-20 00:00:00
cvelist
cvelist
CVE-2022-2089 Bold Page Builder < 4.3.3 - Admin+ Stored Cross-Site Scripting
2022-07-11 12:57:15
cve
cve
CVE-2022-2089
2022-07-11 13:15:09