wpvulndb | Shivam Rai | WPVDB-ID: 30635CC9-4415-48BB-9C67-EA670EA1B942
Sep 20, 2021 - 12:00 a.m.

LearnPress < 4.1.3.1 - Multiple Admin+ Stored Cross-Site Scripting

wpscan.com

EPSS: 0.001 (Low), Percentile: 24.8%

The plugin does not properly sanitize or escape various inputs within course settings, which could allow high-privilege users to perform Cross-Site Scripting attacks when the unfiltered_html capability is disallowed.

PoC

When adding new courses, the following fields can have XSS payloads like "> injected into them:
- Course Settings > General > External Link field
- Course Settings > Extra Information > Requirements field
- Course Settings > Extra Information > Target Audience field
- Course Settings > Extra Information > Key Features field
- Course Settings > Extra Information > FAQ Title field
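
The fix pattern for this class of bug, as an added example that is not LearnPress's code or its actual patch: sanitize each field on save according to its type and the saving user's unfiltered_html capability, then escape for the attribute context on output. The post type, nonce, meta keys, field types and function names prefixed `example_` are hypothetical; the WordPress core functions are real, and the snippet is meant to run inside WordPress (for instance as a small plugin).

```php
<?php
// Added example, not LearnPress code: every "example_" name is hypothetical.
// Hypothetical meta keys for the five fields, with an assumed value type each.
const EXAMPLE_COURSE_FIELDS = array(
    '_example_external_link'   => 'url',
    '_example_requirements'    => 'html',
    '_example_target_audience' => 'html',
    '_example_key_features'    => 'html',
    '_example_faq_title'       => 'text',
);

// Sanitize on save, for a hypothetical "example_course" post type.
function example_save_course_fields( $post_id ) {
    if ( ! isset( $_POST['example_course_nonce'] )
        || ! wp_verify_nonce( $_POST['example_course_nonce'], 'example_save_course' )
        || ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }
    foreach ( EXAMPLE_COURSE_FIELDS as $key => $type ) {
        if ( ! isset( $_POST[ $key ] ) || ! is_string( $_POST[ $key ] ) ) {
            continue; // Skip missing or array-valued input.
        }
        $raw = wp_unslash( $_POST[ $key ] );
        if ( 'url' === $type ) {
            $clean = esc_url_raw( $raw, array( 'http', 'https' ) );
        } elseif ( 'html' === $type && current_user_can( 'unfiltered_html' ) ) {
            $clean = $raw; // Same trust WordPress core gives these users.
        } elseif ( 'html' === $type ) {
            $clean = wp_kses_post( $raw ); // Capability disallowed: filter markup.
        } else {
            $clean = sanitize_text_field( $raw );
        }
        update_post_meta( $post_id, $key, wp_slash( $clean ) );
    }
}
add_action( 'save_post_example_course', 'example_save_course_fields' );

// Escape on output: a value starting with "> only leaves the attribute if it
// is printed unescaped, so escape for the context regardless of what was saved.
function example_render_course_fields( $post_id ) {
    $link  = get_post_meta( $post_id, '_example_external_link', true );
    $title = get_post_meta( $post_id, '_example_faq_title', true );
    printf( '<input type="url" name="_example_external_link" value="%s">', esc_url( $link ) );
    printf( '<input type="text" name="_example_faq_title" value="%s">', esc_attr( $title ) );
}
```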

CPE
Name        Operator  Version
learnpress  lt        4.1.3.1
