4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
The plugin does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.
As admin, put the below payloads in the related vulnerable field/s and save them (there is some validation done client side for the Maximum fields, but won’t be done server side, so either repeat the request with the payloads, or inject the fields in the web browser and change them to text type) Affected fields and related payloads: - Base Slug (request_a_quote_ent_map_list[emd_quote][rewrite]): '> Attachments Section - Maximum files (request_a_quote_ent_map_list[emd_quote][max_files][emd_contact_attachment]): "> - Maximum file size (request_a_quote_ent_map_list[emd_quote][max_file_size][emd_contact_attachment]): "> - Allowed file extensions (request_a_quote_ent_map_list[emd_quote][file_exts][emd_contact_attachment]):
CPE | Name | Operator | Version |
---|---|---|---|
request-a-quote | lt | 2.3.5 |
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N