Lucene search
WpvulndbWPVDB-ID:FCF6894F-D2DD-4CD5-9D42-7F617C2BBA32HistoryDec 12, 2020 - 12:00 a.m.
Directories Pro < 1.3.46 - Authenticated Self-Reflected Cross-Site Scripting
2020-12-1200:00:00
wpscan.com
7
0.002 Low
EPSS
Percentile
65.0%
The plugin did not sanitise the column names when importing a malicious CSV file, allowing for HTML or JavaScript injection.
PoC
Iimport a CSV file containing the following in the header: ‘term**" autofocus onfocus={alert(‘Complex\u0020XSS’);alert(document.cookie);}//’"
| CPE | Name | Operator | Version |
|---|---|---|---|
| directories | lt | 1.3.46 |
References
Related
patchstack
patchstack
cvelist
cvelist
CVE-2020-29304
2020-12-14 19:48:28
prion
prion
Cross site scripting
2020-12-14 20:15:00
nvd
nvd
CVE-2020-29304
2020-12-14 20:15:12
cve
cve
CVE-2020-29304
2020-12-14 20:15:12
wpexploit
wpexploit
Directories Pro < 1.3.46 - Authenticated Self-Reflected Cross-Site Scripting
2020-12-12 00:00:00
packetstorm
packetstorm
WordPress DirectoriesPro 1.3.45 Cross Site Scripting
2020-12-11 00:00:00