Lucene search
Asif Nawaz Minhas & Sergen KoรงWPEX-ID:C3D43AAC-66C8-4218-B3F0-5256F895EDA3HistoryJan 19, 2024 - 12:00 a.m.
Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting
2024-01-1900:00:00
Asif Nawaz Minhas & Sergen Koรง
53
wordpress
chart.js
xss
font family
cross-site scripting
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
1. Go to "Charts > Settings".
2. For the Font Family, enter the payload: `</script>">//<SCRIPT>alert("XSS");</SCRIPT>.
3. Click on save and visit any page on the site to see the XSS.References
Related
nvd
nvd
CVE-2023-6082
2024-02-12 16:15:08
vulnrichment
vulnrichment
cve
cve
CVE-2023-6082
2024-02-12 16:15:08
wpvulndb
wpvulndb
Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting
2024-01-19 00:00:00
prion
prion
Cross site scripting
2024-02-12 16:15:00
cvelist
cvelist
wordfence
wordfence
AI Score
7.9
Confidence
High
EPSS
0
Percentile
9.0%
Related for WPEX-ID:C3D43AAC-66C8-4218-B3F0-5256F895EDA3