wpexploit / Bilal Chawich
WPEX-ID: B1AEF75D-0C84-4702-83FC-11F0E98A0821
Published: Dec 19, 2022

Slimstat Analytics < 4.9.3 - Unauthenticated Stored XSS

Author: Bilal Chawich
Tags: slimstat analytics, unauthenticated, stored xss, url, admin, real time, access log, exploit

EPSS: 0.001 (percentile 46.1%)

The plugin does not sanitise or escape the request URI when logging visits, so an unauthenticated attacker can store a Cross-Site Scripting payload with a single request; it executes in the browser of a logged-in admin who later views the logs.

As an unauthenticated user, open the following URL https://example.com/?s="><script>alert(/XSS/)</script>

The XSS is triggered when an admin opens the Real Time menu and clicks on the related access log entry.
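As an added illustration, and not code from the plugin or the advisory, the following Python models the sink described above: a logger stores each visitor's request URI, and an admin log view renders it once without escaping (the vulnerable pattern) and once escaped on output (the fix). It also includes a detector that URL-decodes stored URIs before looking for markup, and a version check against the advisory's "< 4.9.3" bound. The log entries, function names and the assumption that the logger stores the decoded URI are all constructed for this example.

```python
import html
from urllib.parse import unquote

# Constructed sample of what a visit logger might store: source IP and
# the request URI of each visit. The first entry is the advisory's PoC
# URL, stored decoded; the second is the same idea percent-encoded; the
# third is benign. This is example data, not the plugin's log format.
SAMPLE_LOG = [
    ('203.0.113.5', '/?s="><script>alert(/XSS/)</script>'),
    ('198.51.100.7', '/?s=%22%3E%3Cscript%3Ealert(1)%3C/script%3E'),
    ('192.0.2.9', '/blog/hello-world/'),
]


def render_log_unsafe(entries):
    """Vulnerable pattern: the stored URI is concatenated straight into
    the admin page's HTML, so markup inside it becomes live DOM when the
    admin opens the log view."""
    rows = ''.join(f'<tr><td>{ip}</td><td>{uri}</td></tr>' for ip, uri in entries)
    return f'<table>{rows}</table>'


def render_log_safe(entries):
    """Hardened pattern: escape at the point of output. The same stored
    value is rendered as visible text, so the log keeps the raw URI
    (useful for forensics) while the admin page stays inert."""
    rows = ''.join(
        f'<tr><td>{html.escape(ip, quote=True)}</td>'
        f'<td>{html.escape(uri, quote=True)}</td></tr>'
        for ip, uri in entries)
    return f'<table>{rows}</table>'


def contains_markup(uri):
    """Flags a stored URI that carries HTML markup after URL-decoding.
    Decoding first matters: a naive check for '<' would miss %3Cscript%3E
    if the logger stores the URI as received."""
    decoded = unquote(uri)
    return '<' in decoded or '>' in decoded


def suspicious_entries(entries):
    """Returns the (ip, uri) pairs worth reviewing in a stored log."""
    return [(ip, uri) for ip, uri in entries if contains_markup(uri)]


def is_vulnerable_version(version):
    """True for plugin versions below 4.9.3, the bound in the advisory.
    Compares numeric components so that 4.9.10 sorts above 4.9.3."""
    parts = tuple(int(p) for p in version.split('.'))
    return parts < (4, 9, 3)


if __name__ == '__main__':
    print('unsafe render contains <script>:', '<script>' in render_log_unsafe(SAMPLE_LOG))
    print('safe render contains <script>:  ', '<script>' in render_log_safe(SAMPLE_LOG))
    for ip, uri in suspicious_entries(SAMPLE_LOG):
        print('review:', ip, uri)
```

The escaping happens in the view rather than at log time on purpose: stripping tags before storage would destroy evidence of the attempt, whereas escaping on output neutralises the payload wherever the log is displayed.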
