wpvulndb | Asif Nawaz Minhas | WPVDB-ID:38053E05-4B17-4FA9-ACD3-85D8529B202B
Aug 30, 2021 - 12:00 a.m.

Cookie Notice & Compliance for GDPR / CCPA < 2.1.2 - Admin+ Stored Cross-Site Scripting

wpscan.com
Tags: gdpr, ccpa, stored cross-site scripting, attribute escaping, admin privilege, unfiltered html

EPSS: 0.001 (percentile: 24.8%)

The plugin does not escape the value of its Button Text setting when outputting it in an attribute in the frontend, allowing high privilege users such as admin to perform Cross-Site Scripting even when the unfiltered_html capability is disallowed.

PoC

Put the following payload in the Button text setting of the plugin (in the Notice Setting section):

" style=animation-name:twentytwentyone-close-button-transition onanimationend=alert(/XSS/)// "onmouseover=alert(/XSS/)//

Then go to any page of the frontend to trigger the XSS (which may require some user interaction depending on the payload/theme used).
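An added example (not code from the plugin or from the advisory): a Python regression check that renders the PoC string into a double-quoted attribute with and without escaping, then parses the result and lists any attributes that should not exist. The markup template, the `aria-label` attribute and all function names are assumptions, since the advisory does not name the element; `html.escape` stands in for WordPress's `esc_attr()`.

```python
from html import escape
from html.parser import HTMLParser

# Payload string quoted in the PoC on this page.
PAYLOAD = ('" style=animation-name:twentytwentyone-close-button-transition '
           'onanimationend=alert(/XSS/)// "onmouseover=alert(/XSS/)//')

# Hypothetical frontend markup: the element and attribute are assumptions.
TEMPLATE = '<a class="cn-button" aria-label="{label}">OK</a>'
EXPECTED = {"class", "aria-label"}


def render_unescaped(button_text):
    """Vulnerable pattern: the setting is written into the attribute as-is."""
    return TEMPLATE.format(label=button_text)


def render_escaped(button_text):
    """Fixed pattern: quotes and markup characters become entities first."""
    return TEMPLATE.format(label=escape(button_text, quote=True))


class _FirstTagAttrs(HTMLParser):
    """Records the attribute list of the first start tag it sees."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if self.attrs is None:
            self.attrs = attrs


def parsed_attributes(markup):
    parser = _FirstTagAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs or []


def injected_attributes(markup):
    """Attribute names the template never defines: evidence of a break-out."""
    return [name for name, _ in parsed_attributes(markup) if name not in EXPECTED]


if __name__ == "__main__":
    print("unescaped:", injected_attributes(render_unescaped(PAYLOAD)))
    print("escaped:  ", injected_attributes(render_escaped(PAYLOAD)))
```

The same check works as a unit test for any setting that ends up inside an HTML attribute: feed it a value containing a double quote and assert that the parsed tag has only the attributes the template defines.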
