The plugin does not escape the qc_res parameter before outputting it back in the JS code of an admin page, leading to Reflected Cross-Site Scripting.

As admin, enter the following payload in the Domain Key setting of the plugin:

Then open https://example.com/wp-admin/admin.php?page=litespeed-general&qc_res=alert(/XSS/)
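
The pattern described above, shown beside a hardened form, as an added example that is not the plugin's own code. It assumes the qc_res value is written into an inline script on the admin page; the function names and the $query array are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical illustration, not LiteSpeed Cache source code.
// Assumption: the admin page writes qc_res into an inline <script>.

// Vulnerable pattern: the request value is emitted as JavaScript code,
// so whatever the URL carries is executed in the admin's browser.
function render_qc_res_vulnerable(array $query): string
{
    $qc_res = $query['qc_res'] ?? '';
    return '<script>var qc_res = ' . $qc_res . ';</script>';
}

// Hardened pattern: the value is emitted as a JSON string literal.
// The JSON_HEX_* flags encode <, >, &, ' and " as \uXXXX escapes, so the
// value can neither end the string nor close the <script> element.
function render_qc_res_hardened(array $query): string
{
    $qc_res = $query['qc_res'] ?? '';
    if (!is_string($qc_res)) {
        $qc_res = ''; // qc_res[]=x arrives as an array; treat it as empty
    }
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_INVALID_UTF8_SUBSTITUTE; // keep encoding on malformed UTF-8
    $literal = json_encode($qc_res, $flags);
    if ($literal === false) {
        $literal = '""'; // fail closed if encoding still fails
    }
    return '<script>var qc_res = ' . $literal . ';</script>';
}

// Constructed request data using the value from the proof of concept above.
$query = ['qc_res' => 'alert(/XSS/)'];

echo render_qc_res_vulnerable($query), PHP_EOL; // value lands as code
echo render_qc_res_hardened($query), PHP_EOL;   // value lands as a string
```

In WordPress code, wp_json_encode() accepts the same flags and can replace the json_encode() call.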
CPE

Name | Operator | Version |
---|---|---|
litespeed-cache | lt | 4.4.4 |