Lucene search
Lana CodesWPEX-ID:E56759AE-7530-467A-B9BA-E9A404AFB872HistoryFeb 21, 2023 - 12:00 a.m.
real.Kit < 5.1.1 - Contributor+ Stored XSS
2023-02-2100:00:00
Lana Codes
65
real.kit version 5.1.1
contributor+
stored xss
modal open
exploit
post id
EPSS
0.001
Percentile
23.3%
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
[modal open='1' class='" onmouseover="alert(1)" style="background:red;"']XSS[/modal]
Note: open is a post id.Related
cvelist
cvelist
CVE-2023-0364 real.Kit < 5.1.1 - Contributor+ Stored XSS
2023-03-20 15:52:14
nvd
nvd
CVE-2023-0364
2023-03-20 16:15:12
wpvulndb
wpvulndb
real.Kit < 5.1.1 - Contributor+ Stored XSS
2023-02-21 00:00:00
prion
prion
Cross site scripting
2023-03-20 16:15:00
cve
cve
CVE-2023-0364
2023-03-20 16:15:12