Lucene search
WpvulndbWPVDB-ID:721DDC3E-AB24-4834-BD47-4EB6700439A9HistoryMar 30, 2022 - 12:00 a.m.
Donorbox < 7.1.7 - Admin+ Stored Cross-Site Scripting
2022-03-3000:00:00
wpscan.com
4
donorbox
admin
stored cross-site scripting
plugin
campaign url
cross-site scripting
EPSS
0.001
Percentile
36.0%
The plugin does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed
PoC
Put the following payload in the Campaign URL settings of the plugin: ">
References
Related
cve
cve
CVE-2022-1396
2022-04-25 16:16:08
cvelist
cvelist
CVE-2022-1396 Donorbox < 7.1.7 - Admin+ Stored Cross-Site Scripting
2022-04-25 15:51:29
nvd
nvd
CVE-2022-1396
2022-04-25 16:16:08
wpexploit
wpexploit
Donorbox < 7.1.7 - Admin+ Stored Cross-Site Scripting
2022-03-30 00:00:00
prion
prion
Cross site scripting
2022-04-25 16:16:00
cnvd
cnvd
WordPress plugin Donorbox cross-site scripting vulnerability
2022-04-27 00:00:00