Lucene search
Kishore hariramWPVDB-ID:D1885641-9547-4DD5-84BE-BA4A160EE1F5HistoryJun 28, 2021 - 12:00 a.m.
Steam Group Viewer <= 2.1 - Authenticated Stored Cross-Site Scripting (XSS)
2021-06-2800:00:00
kishore hariram
wpscan.com
4
0.001 Low
EPSS
Percentile
24.8%
The plugin does not sanitise or escape its “Steam Group Address” settings before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue
PoC
Enter the following payload in the “Steam Group Adrdess” setting of the plugin: ">
| CPE | Name | Operator | Version |
|---|---|---|---|
| steam-group-viewer | eq | * |
Related
prion
prion
Cross site scripting
2021-08-02 11:15:00
wpexploit
wpexploit
Steam Group Viewer <= 2.1 - Authenticated Stored Cross-Site Scripting (XSS)
2021-06-28 00:00:00
cvelist
cvelist
nvd
nvd
CVE-2021-24476
2021-08-02 11:15:10
cve
cve
CVE-2021-24476
2021-08-02 11:15:10
cnvd
cnvd
WordPress Steam Group Viewer plugin cross-site scripting vulnerability
2021-08-05 00:00:00