Lucene search
Raad Haddad of Cloudyrion GmbHWPVDB-ID:00E36AD9-B55B-4D17-96FB-E415EEC47422HistoryJul 18, 2022 - 12:00 a.m.
Thinkific Uploader <= 1.0.0 - Admin+ Stored Cross-Site Scripting
2022-07-1800:00:00
Raad Haddad of Cloudyrion GmbH
wpscan.com
9
thinkific uploader
admin
stored cross-site scripting
settings
high privilege users
cross-site scripting
EPSS
0.001
Percentile
24.8%
The plugin does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators.
PoC
Put the following payload in any of the settings: ">
Related
patchstack
patchstack
wpexploit
wpexploit
Thinkific Uploader <= 1.0.0 - Admin+ Stored Cross-Site Scripting
2022-07-18 00:00:00
cvelist
cvelist
nvd
nvd
CVE-2022-2426
2022-08-08 14:15:10
cve
cve
CVE-2022-2426
2022-08-08 14:15:10
prion
prion
Cross site scripting
2022-08-08 14:15:00