System Dashboard < 2.8.10 - XSS via Header Injection

2024-02-2800:00:00

Dmitrii Ignatyev

wpscan.com

xss

header injection

wordpress

cross-site scripting

AI Score

5.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Description The plugin does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks

PoC

X-Forwarded-For: 11.11.11.11

References

research.cleantalk.org/cve-2023-7246/