Sociable <= 4.3.4.1 - Admin+ Stored Cross-Site Scripting

2021-09-20T00:00:00
ID WPVDB-ID:12F1ED97-D392-449D-B25C-42D241693888
Type wpvulndb
Reporter Genubhau Wayal
Modified 2021-09-20T05:50:13

Description

The plugin does not sanitise or escape some of its settings before outputting them in the admin dashboard, allowing high-privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed.

PoC

Put the following payload in the "Background Color" or "Labels Color" Skyscraper settings of the plugin, on its settings page (/wp-admin/options-general.php?page=skyscraper_options): ">

Other settings might be affected as well.
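The root cause described above is a settings value that is stored unchecked and then echoed into an attribute of the admin page without escaping. The following is an added illustration written for this record, not the Sociable plugin's own code: it shows the unescaped output pattern next to the two fixes a WordPress plugin would apply (escape at output with esc_attr(), and validate the colour before it is saved with a sanitize_callback on register_setting()). The option name skyscraper_bg_color, the function names and the sample value are assumptions constructed for the example; the fallback definitions of esc_attr() and sanitize_hex_color() only exist so the file also runs with the php CLI outside WordPress.

```php
<?php
// Added example for this advisory, not the plugin's code.
// Option/function names are hypothetical.

// Stand-ins so the file runs outside WordPress; inside WordPress the real
// core functions are defined and these blocks are skipped.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}
if (!function_exists('sanitize_hex_color')) {
    // Mirrors core behaviour: '' stays '', valid #rgb/#rrggbb passes, else null.
    function sanitize_hex_color($color) {
        if ('' === $color) {
            return '';
        }
        return preg_match('/^#([A-Fa-f0-9]{3}){1,2}$/', $color) ? $color : null;
    }
}

// Vulnerable pattern: the stored option is concatenated straight into an
// attribute, so a value containing a double quote breaks out of it.
function render_color_field_vulnerable($value) {
    return '<input type="text" name="skyscraper_bg_color" value="' . $value . '">';
}

// Fix 1 (output): escape at the point of output, regardless of how the value
// got into the database. This is what closes the stored XSS.
function render_color_field_escaped($value) {
    return '<input type="text" name="skyscraper_bg_color" value="' . esc_attr($value) . '">';
}

// Fix 2 (input): only accept a hex colour for a colour setting. Anything else
// is replaced by an empty string instead of being stored.
function sanitize_color_setting($value) {
    $clean = sanitize_hex_color((string) $value);
    return (null === $clean) ? '' : $clean;
}

// In the plugin's settings registration the callback would be wired up as
// (hypothetical option group/name):
// register_setting('skyscraper_options', 'skyscraper_bg_color',
//     array('sanitize_callback' => 'sanitize_color_setting'));

// Constructed sample: not a colour, and designed to close the value attribute.
$stored = '"><span>not a colour</span>';

echo "Unescaped output (attribute is broken open):\n";
echo render_color_field_vulnerable($stored), "\n\n";

echo "Escaped output (value stays inside the attribute):\n";
echo render_color_field_escaped($stored), "\n\n";

echo "Sanitised before save: '", sanitize_color_setting($stored), "'\n";
echo "Sanitised valid value: '", sanitize_color_setting('#1a2b3c'), "'\n";
```

Both fixes are needed for a setting like this: the input check keeps junk out of the database, but the output escape is the one that protects every other place the option is later printed, which is why the advisory notes that other settings may be affected as well.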