Lucene search

K

Inspiro Premium < 7.2.3 - Contributor+ Stored Cross-Site Scripting

🗓️ 18 Jul 2022 00:00:00Reported by Fortune Sam OkonType 
wpexploit
 wpexploit
👁 100 Views

Inspiro Premium < 7.2.3 - Contributor+ Stored Cross-Site Scripting. To reproduce - Add payload in description, trigger on save/preview, even as admin/editor

Show more
Related
Code
Steps to reproduce:
1) As a Contributor, go to portfolio on the dashboard and add new item.
2) on the editing page that comes up, scroll down to the slider section
3) Add the payload in the description area. "<img src=1 onerror=alert('xss')>"
4) save and preview the item and watch the script trigger.
5)login as an administrator or editor and also preview the created portfolio item and the script gets triggered

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
18 Jul 2022 00:00Current
0.5Low risk
Vulners AI Score0.5
EPSS0.001
100
.json
Report