When creating or editing a publication, all values such as Area Width, Publication Width are vulnerable to stored XSS. It is possible to store code in all input fields as the code does not sanitize any user input. v1.6.11 attempted to fix the issue by using sanitize_text_field(), however the output is put in an attribute. v1.6.12 partially fixed it: some events were blacklisted, but arbitrary attributes could still be injected. Also, future events in web browsers could be released, making the security issue reappear.
v < 1.6.11: use payloads such as <script>alert(/XSS/)</script> v <= 1.6.11: payload such as " onfocus=alert(/XSS/) b= / " onmouseover=alert(/XSS/) b= v <= 1.6.12: " injected=something b=
2021-02-08 (about 1 years ago)
2021-02-08 (about 1 years ago)
2021-03-25 (about 1 years ago)