Source: wpexploit
Author: Kishore hariram
WPEX-ID:D1885641-9547-4DD5-84BE-BA4A160EE1F5
Published: Jun 28, 2021 - 12:00 a.m.

Steam Group Viewer <= 2.1 - Authenticated Stored Cross-Site Scripting (XSS)

EPSS: 0.001 (Low), percentile 24.8%

The plugin does not sanitise or escape its "Steam Group Address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue.

Enter the following payload in the "Steam Group Address" setting of the plugin: "><script>alert(/XSS/)</script>
