wpexploit | Anurag Bhoir | WPEX-ID:CD8D71D1-030E-4AD4-866E-75D242883C6C
Aug 31, 2022 - 12:00 a.m.

Generate PDF using Contact Form 7 < 3.6 - Admin+ Stored Cross-Site Scripting


EPSS: 0.001 (Low), percentile 24.9%

The plugin does not sanitise and escape its settings, allowing high-privilege users such as admins to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

1 - Install and activate "Generate PDF using Contact Form 7 Version 3.5".
2 - Click "Contact -> Add new" in the left sidebar, create a test contact form and save it.
3 - Click "Contact -> PDF with CF7" and select the test contact form from the drop-down.
4 - Now add the XSS script below to each and every input field, as shown in the video PoC:
"><img src=x onerror=confirm(document.cookie)>
5 - Now click Save Changes; once the page has loaded completely you will see an XSS popup with your cookies.
6 - Now let's check with another admin user: log in with a 2nd admin user.
9 - Click "Contact -> PDF with CF7" in the left sidebar and select the test contact form from the drop-down.
10 - The 2nd admin account also gets the XSS popup with cookies.
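
The description names two missing controls: sanitising the settings when they are saved and escaping them when they are printed. The PHP below is an added example, not the plugin's code: it renders a hypothetical "pdf_title" settings field with and without those controls and parses each result to show which elements a browser would create. htmlspecialchars() and strip_tags() are stand-ins for WordPress's esc_attr() and sanitize_text_field() so the file runs without WordPress.

```php
<?php
// Added illustration; not the plugin's code. The field name "pdf_title" is hypothetical.

// Test string quoted from step 4 of the advisory.
const PAYLOAD = '"><img src=x onerror=confirm(document.cookie)>';

// Vulnerable pattern: the stored setting is concatenated into the attribute as-is.
function render_vulnerable(string $stored): string {
    return '<input type="text" name="pdf_title" value="' . $stored . '">';
}

// Hardened output: escape for the attribute context every time the value is printed.
// htmlspecialchars() stands in for WordPress esc_attr() so the file runs on its own.
function render_hardened(string $stored): string {
    $safe = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="pdf_title" value="' . $safe . '">';
}

// Hardened input: a plain-text setting should hold no markup at all.
// Stand-in for WordPress sanitize_text_field(), applied before update_option().
function sanitize_setting(string $raw): string {
    return trim(preg_replace('/\s+/', ' ', strip_tags($raw)));
}

// Parse the rendered HTML and list every element with its attribute names,
// so injected tags and event-handler attributes become visible.
function parsed_elements(string $html): array {
    libxml_use_internal_errors(true); // tolerate fragment-style input
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    $found = [];
    foreach ($doc->getElementsByTagName('body')->item(0)->getElementsByTagName('*') as $el) {
        $attrs = [];
        foreach ($el->attributes as $attr) {
            $attrs[] = $attr->name;
        }
        $found[] = $el->tagName . '[' . implode(',', $attrs) . ']';
    }
    return $found;
}

foreach ([
    'unescaped output'        => render_vulnerable(PAYLOAD),
    'escaped output'          => render_hardened(PAYLOAD),
    'sanitised, then escaped' => render_hardened(sanitize_setting(PAYLOAD)),
] as $label => $html) {
    echo $label, ': ', implode(' ', parsed_elements($html)), PHP_EOL;
}
```

Run it with the PHP CLI (the dom extension is required). Only the unescaped rendering produces a second element carrying an onerror attribute; the escaped renderings keep the stored value as inert text inside the input's value attribute.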
