CodeColorer < 0.10.1 – Admin+ Stored Cross-Site Scripting | CVE 2023-2795 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

1. In the plugin's settings, add the payload `"><script>alert(1)</script>` to the "Custom CSS Classes" field.
2. Save and when the page reloads, see XSS.

Affects Plugins

Fixed in 0.10.1

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Ilyase Dehy and Aymane Mazguiti

Submitter

Ilyase Dehy

Verified

Yes

WPVDB ID

2d6ecd21-3dd4-423d-80e7-277c45080a9f

Timeline

Publicly Published

2023-06-05 (about 11 months ago)

Added

2023-06-05 (about 11 months ago)

Last Updated

2023-06-05 (about 11 months ago)

Other

Published

Title

Published

2011-12-05

Title

Lazyest Backup < 0.2.2 - XSS

Published

2024-03-28

Title

OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) < 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2016-10-10

Title

Photoxhibit <= 2.1.8 - Reflected XSS Issues

Published

2023-04-19

Title

Help Desk WP <= 1.2.0 - Editor+ Stored XSS

Published

2020-03-23

Title

Cookiebot < 3.6.1 - Authenticated Reflected Cross-Site Scripting (XSS)