Inspiro Premium < 7.2.3 - Contributor+ Stored Cross-Site Scripting. To reproduce: add the payload in the description field; it triggers on save/preview, including when an administrator or editor previews the item.
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
CVE | CVE-2022-2391 | 8 Aug 2022 14:15 | – | cve |
WPVulnDB | Inspiro Premium < 7.2.3 - Contributor+ Stored Cross-Site Scripting | 18 Jul 2022 00:00 | – | wpvulndb |
Patchstack | WordPress Inspiro Pro premium theme < 7.2.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | 18 Jul 2022 00:00 | – | patchstack |
Prion | Information disclosure | 8 Aug 2022 14:15 | – | prion |
Cvelist | CVE-2022-2391 Inspiro Pro < 7.2.3 - Contributor+ Stored Cross-Site Scripting | 8 Aug 2022 13:48 | – | cvelist |
NVD | CVE-2022-2391 | 8 Aug 2022 14:15 | – | nvd |
Steps to reproduce:
1) As a Contributor, go to Portfolio on the dashboard and add a new item.
2) On the editing page that comes up, scroll down to the slider section.
3) Add the payload in the description area: "<img src=1 onerror=alert('xss')>"
4) Save and preview the item, and watch the script trigger.
5) Log in as an administrator or editor and preview the created portfolio item; the script is triggered there as well.
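
For sites that ran an affected version, a check for stored slide descriptions that still contain script-capable markup such as the payload in step 3. This is an added example, not code from the advisory or the theme; the row format, item ids and sample values are constructed, and how descriptions are exported from the database is left as an assumption.

```python
from html.parser import HTMLParser

# Elements that can run script or load active content on their own.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
# Attributes whose value is a URL and may carry a javascript: scheme.
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}

# Constructed sample rows: (item_id, stored description). Ids are made up.
SAMPLE_ROWS = [
    (101, "<p>Summer collection <strong>2022</strong></p>"),
    (102, "<img src=1 onerror=alert('xss')>"),  # payload from step 3
    (103, '<a href="JaVa\tScript:void(0)">more</a>'),
]


class ActiveMarkupFinder(HTMLParser):
    """Collects reasons why a stored HTML fragment could execute script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag/attribute names and decodes entities.
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS and value:
                # Drop whitespace/control characters before testing the scheme.
                scheme = "".join(c for c in value if c > " ").lower()
                if scheme.startswith("javascript:"):
                    self.findings.append(f"javascript: URL in {name} on <{tag}>")


def scan_description(html_fragment):
    finder = ActiveMarkupFinder()
    finder.feed(html_fragment)
    finder.close()
    return finder.findings


def audit(rows):
    """Return {item_id: findings} for rows whose description has findings."""
    return {i: hits for i, text in rows if (hits := scan_description(text))}


if __name__ == "__main__":
    print(audit(SAMPLE_ROWS))
```

Flagged items are candidates for manual review; plain formatting markup such as item 101 produces no findings.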