You Shang <= 1.0.1 – Authenticated Stored Cross-Site Scripting | CVE 2021-24597 | Plugin Vulnerabilities

Description

The plugin does not escape its qrcode links settings, which result into Stored Cross-Site Scripting issues in frontend posts and the plugins settings page depending on the payload used

Proof of Concept

Put the following payload in the wechat_qrcode settings of the plugin: http://127.0.0.1/"onerror=alert(/XSS/)// and the XSS will be triggered in all frontend posts

The following payload could also be used to only trigger in the plugin's settings page: " style=animation-name:rotation onanimationstart=alert(/XSS/)//

Affects Plugins

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

yangshengcheng@webray.com.cn inc

Submitter

yangshengcheng@webray.com.cn inc

Verified

Yes

WPVDB ID

37554d0e-68e2-4df9-8c59-65f5cd7f184e

Timeline

Publicly Published

2021-07-30 (about 2 years ago)

Added

2021-08-19 (about 2 years ago)

Last Updated

2022-04-09 (about 2 years ago)

Other

Published

Title

Published

2022-03-28

Title

Text Hover < 4.2 - Admin+ Stored Cross-Site Scripting

Published

2023-10-12

Title

Fast WP Speed <= 1.0.0 - Reflected XSS

Published

2014-08-01

Title

NextGEN Gallery <= 1.9.0 - Multiple Cross-Site Scripting (XSS)

Published

2023-01-25

Title

Auto Hide Admin Bar < 1.6.2 - Admin+ Stored XSS

Published

2024-03-25

Title

NPS computy < 2.7.6 - Admin+ Stored XSS