Lucene search
Lana CodesWPEX-ID:E7DC0202-6BE4-46FC-A451-FB3A25727B51HistoryDec 29, 2022 - 12:00 a.m.
GS Logo Slider < 3.3.8 - Contributor+ Stored XSS in Shortcode
2022-12-2900:00:00
Lana Codes
165
gs logo slider" "contributor+" "stored xss" "shortcode" "exploit
EPSS
0.001
Percentile
25.5%
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Exploit shortcode:
[gs_logo id='" onmouseover="alert(1)" style="background:red;width:100px;height:100px;"']Related
wpvulndb
wpvulndb
GS Logo Slider < 3.3.8 - Contributor+ Stored XSS in Shortcode
2022-12-29 00:00:00
cvelist
cvelist
CVE-2022-4624 GS Logo Slider < 3.3.8 - Contributor+ Stored XSS in Shortcode
2023-01-23 14:31:31
nvd
nvd
CVE-2022-4624
2023-01-23 15:15:15
prion
prion
Cross site scripting
2023-01-23 15:15:00
cve
cve
CVE-2022-4624
2023-01-23 15:15:15