wpvulndb | Kishore hariram | WPVDB-ID:D1885641-9547-4DD5-84BE-BA4A160EE1F5
Jun 28, 2021 - 12:00 a.m.

Steam Group Viewer <= 2.1 - Authenticated Stored Cross-Site Scripting (XSS)

wpscan.com
4

EPSS: 0.001 Low (Percentile: 24.8%)

The plugin does not sanitise or escape its “Steam Group Address” setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue.

PoC

Enter the following payload in the “Steam Group Address” setting of the plugin: ">
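
The missing controls described above, as an added example (not the plugin's own code): the setting is validated when saved and escaped for its context when printed. The option name, settings group and `sgv_example_*` functions are hypothetical, and it assumes the “Steam Group Address” is a `https://steamcommunity.com/groups/<name>` URL.

```php
<?php
// Added example, not the plugin's code. Option, group and function names are hypothetical.
// Assumption: the setting holds a https://steamcommunity.com/groups/<name> URL.

const SGV_EXAMPLE_OPTION = 'sgv_example_group_address';

// 1. Validate on save: reject anything that is not a Steam group URL.
function sgv_example_sanitize_address( $value ) {
    $url   = esc_url_raw( trim( (string) $value ), array( 'https' ) );
    $parts = wp_parse_url( $url );
    $ok    = is_array( $parts )
        && isset( $parts['host'], $parts['path'] )
        && 'steamcommunity.com' === strtolower( $parts['host'] )
        && 1 === preg_match( '#^/groups/[A-Za-z0-9_-]+/?$#', $parts['path'] );

    if ( ! $ok ) {
        add_settings_error( SGV_EXAMPLE_OPTION, 'invalid_address', 'Enter a valid Steam group URL.' );
        return get_option( SGV_EXAMPLE_OPTION, '' ); // keep the previously stored value
    }
    return $url;
}

add_action( 'admin_init', function () {
    register_setting( 'sgv_example_settings', SGV_EXAMPLE_OPTION, array(
        'type'              => 'string',
        'sanitize_callback' => 'sgv_example_sanitize_address',
        'default'           => '',
    ) );
} );

// 2. Escape on output, per context, even though the value was validated on save.
function sgv_example_render_field() {
    $value = get_option( SGV_EXAMPLE_OPTION, '' );
    printf(
        '<input type="url" name="%s" value="%s" class="regular-text" />',
        esc_attr( SGV_EXAMPLE_OPTION ),
        esc_attr( $value ) // attribute context: quotes and angle brackets become entities
    );
}

function sgv_example_render_link() {
    $value = get_option( SGV_EXAMPLE_OPTION, '' );
    if ( '' === $value ) {
        return '';
    }
    return sprintf( '<a href="%s">%s</a>', esc_url( $value ), esc_html( $value ) );
}
```

Output escaping is what stops a value stored before the validation was added, or written directly to the database, from breaking out of the `value="..."` attribute.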

CPE
Name | Operator | Version
steam-group-viewer | eq | *
