Connections Business Directory < 10.4.3 – Admin+ Stored Cross-Site Scripting | CVE 2021-24794 | Plugin Vulnerabilities

Description

The plugin does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed.

Proof of Concept

Add an Entry (/wp-admin/admin.php?page=connections_add) and put the following payload in the Address Line fields: inval1d"><img src onerror=alert('xss')>

The XSS will be triggered when accessing Manage page (/wp-admin/admin.php?page=connections_manage)

Affects Plugins

Fixed in 10.4.3

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Huy Nguyen

Submitter

Huy Nguyen

Submitter website

https://www.linkedin.com/in/id-laladee/

Verified

Yes

WPVDB ID

651dc567-943e-4f57-8ec4-6eee466785f5

Timeline

Publicly Published

2021-09-28 (about 4 years ago)

Added

2021-09-28 (about 4 years ago)

Last Updated

2022-04-08 (about 3 years ago)

Other

Published

Title

Published

2014-08-01

Title

WP-TopBar 4.02 - wp-topbar.php wptbbartext Parameter XSS

Published

2024-10-21

Title

WP-Members Membership Plugin < 3.4.9.6 - Reflected Cross-Site Scripting

Published

2024-09-30

Title

WP-Lister Lite for eBay < 3.6.5 - Reflected Cross-Site Scripting

Published

2023-09-01

Title

authLdap < 2.6.2 - Admin+ Stored XSS

Published

2025-01-15

Title

Realtyna Provisioning < 1.2.3 - Reflected Cross-Site Scripting