Icegram < 2.1.8 – Contributor+ Stored Cross-Site Scripting | CVE 2022-1776 | Plugin Vulnerabilities

Description

The plugin does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks

Proof of Concept

Create/edit a campaign (such as a Black Friday one), check the "Use Opt-in / Subscription / Lead capture form" settings and put the following payload in the "message_data[6130][form_header]" and "message_data[6130][form_footer]" fields: <img src onerror=alert(/XSS/)>

The XSS will be triggered when viewing/previewing the campaign

Affects Plugins

Fixed in 2.1.8

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Pritam Dash

Submitter

Pritam Dash

Verified

Yes

WPVDB ID

46ed56db-9b9d-4390-80fc-343a01fcc3c9

Timeline

Publicly Published

2022-06-01 (about 1 years ago)

Added

2022-06-01 (about 1 years ago)

Last Updated

2023-03-01 (about 1 years ago)

Other

Published

Title

Published

2017-03-06

Title

WordPress 4.7-4.7.2 - Cross-Site Scripting (XSS) via Taxonomy Term Names

Published

2014-08-01

Title

Image Resizer - Cross Site Scripting

Published

2024-04-06

Title

RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator < 4.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Error Message

Published

2022-01-10

Title

WooCommerce – Store Exporter < 2.7.1 - Reflected Cross-Site Scripting (XSS)

Published

2019-07-17

Title

All-in-One WP Migration < 7.0 - Authenticated Cross-Site Scripting (XSS)