Jeeng Push Notifications < 2.0.4 – Admin+ Stored Cross-Site Scripting | CVE 2022-3610 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

Put the following payload in the "Account ID" setting of the plugin and save: "><img src=x onerror=alert(/XSS/)>

The XSS will be triggered when accessing the settings again

Affects Plugins

jeeng-push-notifications

Fixed in 2.0.4

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Mariam Tariq

Submitter

Mariam Tariq - HunterSherlock

Verified

Yes

WPVDB ID

33b52dd7-613f-46e4-b8ee-beddd31689eb

Timeline

Publicly Published

2022-11-02 (about 1 years ago)

Added

2022-11-02 (about 1 years ago)

Last Updated

2022-11-02 (about 1 years ago)

Other

Published

Title

Published

2014-08-01

Title

Soundcloud Is Gold < 2.2.1 - Cross-Site Scripting (XSS)

Published

2022-05-26

Title

Hotel Booking <= 3.4 - Contributor+ Stored Cross-Site Scripting

Published

2015-01-25

Title

WP SlimStat <= 3.9.2 - Stored Cross-Site Scripting (XSS)

Published

2023-05-11

Title

LetterPress <= 1.2.1 - Admin+ Stored Cross-Site Scripting

Published

2023-02-21

Title

ProfilePress < 4.5.5 - Reflected XSS