Source: wpvulndb
Author: Dmitrii Ignatyev
WPVDB-ID: 38C337C6-048F-4009-AEF8-29C18AFA6FDC
Published: Sep 25, 2023 - 12:00 a.m.

WP Matterport Shortcode < 2.1.8 - Contributor+ Stored XSS via shortcode

2023-09-25 00:00:00
Dmitrii Ignatyev
wpscan.com
7
wordpress
plugin
stored xss
page/post
contributor role

EPSS

0.001

Percentile

20.8%

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page/post where the shortcode is embedded. This could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PoC

As a contributor, put the following shortcodes in a page/post and view/preview it:

[matterport src="test" width='1 " onerror="alert(/XSS1/)']

[matterport src="test" window='"onmouseover=alert(/XSS2/)//']

(and move the mouse over the generated block to trigger the XSS)

Other affected attributes: height, help, hl, qs, brand, lang, hhl, kb, lp, title, tourcta, maxzoom, minzoom, zoomtrans, mpv, filter, minimapfilter, copyright, ga, aa
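The root cause described above (shortcode attribute values interpolated into HTML without escaping) and the fix WordPress offers for it, shown side by side as an added example. This is not the plugin's code: the handler, its attribute set and the generated markup are hypothetical, and the small stand-in functions at the top only exist so the file runs under plain `php` outside WordPress, where core provides the real `shortcode_atts`, `esc_attr` and `esc_url`.

```php
<?php
// Added illustration, not the WP Matterport Shortcode plugin's own code.
// A hypothetical [matterport] handler in two forms: one that echoes attribute
// values unescaped (the bug class in the advisory) and one that validates
// and escapes each value for the context it lands in.

// Stand-ins so this file runs under plain `php`. Inside WordPress these
// functions come from core and the blocks below are skipped entirely.
if (!function_exists('shortcode_atts')) {
    function shortcode_atts(array $pairs, array $atts): array {
        $out = $pairs;
        foreach ($pairs as $k => $v) {
            if (array_key_exists($k, $atts)) {
                $out[$k] = $atts[$k];
            }
        }
        return $out;
    }
}
if (!function_exists('esc_attr')) {
    function esc_attr(string $s): string {
        return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    }
}
if (!function_exists('esc_url')) {
    // Minimal approximation: accept only http(s) URLs, then attribute-escape.
    function esc_url(string $s): string {
        return preg_match('#^https?://#i', $s) ? htmlspecialchars($s, ENT_QUOTES, 'UTF-8') : '';
    }
}

// Vulnerable pattern: attribute values dropped straight into the markup.
function matterport_shortcode_vulnerable(array $atts): string {
    $a = shortcode_atts(['src' => '', 'width' => '100%', 'window' => '0'], $atts);
    return "<div class=\"matterport\" data-window=\"{$a['window']}\">"
         . "<img src=\"{$a['src']}\" width=\"{$a['width']}\"></div>";
}

// Hardened pattern: validate where the value has a known shape, escape
// for the HTML attribute context everywhere else.
function matterport_shortcode_hardened(array $atts): string {
    $a = shortcode_atts(['src' => '', 'width' => '100%', 'window' => '0'], $atts);
    $src    = esc_url($a['src']);                     // URL context
    $window = $a['window'] === '1' ? '1' : '0';       // allow-list a flag
    // width: digits optionally followed by % or px, otherwise the default
    $width  = preg_match('/^\d+(%|px)?$/', $a['width']) ? $a['width'] : '100%';
    return '<div class="matterport" data-window="' . esc_attr($window) . '">'
         . '<img src="' . $src . '" width="' . esc_attr($width) . '"></div>';
}

// Constructed input: the attribute values the shortcode parser would hand
// over for the advisory's PoC shortcodes once a contributor saves the post.
$contributor_atts = [
    'src'    => 'test',
    'width'  => '1 " onerror="alert(/XSS1/)',
    'window' => '"onmouseover=alert(/XSS2/)//',
];

echo "Vulnerable output (attribute boundary broken, handler injected):\n";
echo matterport_shortcode_vulnerable($contributor_atts), "\n\n";
echo "Hardened output (values rejected or escaped, markup intact):\n";
echo matterport_shortcode_hardened($contributor_atts), "\n";
```

Run with `php example.php`. The vulnerable output shows the `"` inside the width value closing the attribute so that `onerror` becomes a real event handler; the hardened output keeps the default width and window flag because neither value passes validation, and `esc_attr` would neutralise the quote even if a value did reach the attribute. When reviewing a shortcode handler, the check is the same for every attribute in the advisory's list: each one needs a context-appropriate escape or allow-list before it is concatenated into HTML.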

