Cookie Notice & Consent Banner for GDPR & CCPA Compliance < 1.7.2 - Authenticated Stored XSS

2021-08-06T00:00:00
ID WPVDB-ID:D6846774-1958-4C8D-BB64-AF0D8C46E6E7
Type wpvulndb
Reporter Asif Nawaz Minhas
Modified 2021-08-06T20:11:00

Description

The plugin does not properly sanitize inputs to prevent injection of arbitrary HTML within the plugin's design customization options.

PoC

Go to the plugin's Customize Design page and open the "Wizard menu". Now scroll down and you will find an "Info Text" field where you can inject an XSS payload like "". Click "Publish" to store the payload.