wpvulndb | Vishnupriya ilango | WPVDB-ID: AB53A70C-57D5-400F-B11F-B1B7B2B0CF01
Jun 21, 2022 - 12:00 a.m.

Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element URL

wpscan.com

EPSS: 0.001 (Low), Percentile: 21.4%

The plugin does not sanitise and escape some element URLs, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.

PoC

As a contributor or above, create a post using the Brizy editor, add an Icon or Button element, and put the following payload in the “Link to” setting: ";alert(“XSS”)
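
One way to apply both controls the description names, sanitising the link URL on save and escaping it on output, as an added example that is not Brizy's code or part of the original advisory. The function names, the scheme allowlist and the assumption that the URL is rendered into a double-quoted href attribute are hypothetical; the sample inputs are constructed, apart from the PoC string (written here with straight quotes).

```php
<?php
declare(strict_types=1);

// Added example, not Brizy's code; function names are hypothetical.
const ALLOWED_SCHEMES = ['http', 'https', 'mailto', 'tel'];

// Sanitise on save: return the URL unchanged if acceptable, '' otherwise.
function sanitize_link_url(string $raw): string
{
    $url = trim($raw);
    // Quotes, angle brackets, backslashes, whitespace and control bytes are
    // never valid unencoded in a URL and are what context break-outs rely on.
    if ($url === '' || preg_match('/[\x00-\x20\x7f"\'<>`\\\\]/', $url)) {
        return '';
    }
    // Absolute URL: the scheme must be on the allowlist.
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)) {
        return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true) ? $url : '';
    }
    // No scheme: accept only references starting with '/', '?' or '#'.
    return preg_match('/^[\/?#]/', $url) === 1 ? $url : '';
}

// Escape on output: sanitise again (stored data may predate the check),
// then encode for a double-quoted HTML attribute.
function render_link(string $storedUrl, string $label): string
{
    $href = sanitize_link_url($storedUrl);
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return sprintf(
        '<a href="%s">%s</a>',
        htmlspecialchars($href === '' ? '#' : $href, $flags, 'UTF-8'),
        htmlspecialchars($label, $flags, 'UTF-8')
    );
}

// Constructed sample inputs; the second is the PoC string with straight quotes.
$samples = [
    'https://example.com/?a=1&b=2',
    '";alert("XSS")',
    'javascript:void(0)',
    '/pricing#plans',
];
foreach ($samples as $s) {
    echo render_link($s, 'Read more'), PHP_EOL;
}
```

The first and last samples are rendered with their URL HTML-encoded; the PoC string and the disallowed scheme both fall back to `#`.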

CPE
Name | Operator | Version
brizy | lt | 2.4.2

