Fast Flow < 1.2.13 – Admin+ Stored Cross-Site Scripting | CVE 2022-2775 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

Create/edit a dashboard with an HTML widget in it and put the following payload in the Title or Description fields: <svg/onload=alert(/XSS/)>

The XSS will be triggered when viewing the Dashboard page (/wp-admin/admin.php?page=fast-flow)

Affects Plugins

fast-flow-dashboard

Fixed in 1.2.13

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Hardik Rathod

Submitter

Hardik Rathod

Submitter twitter

Verified

Yes

WPVDB ID

7101ce04-670e-4ce0-9f60-e00494ff379d

Timeline

Publicly Published

2022-07-31 (about 1 years ago)

Added

2022-08-15 (about 1 years ago)

Last Updated

2023-05-07 (about 1 years ago)

Other

Published

Title

Published

2019-07-05

Title

Gallery Photoblocks < 1.1.41 - Unauthenticated Reflected XSS

Published

2020-04-06

Title

Vanguard <= 2.1 - Multiple Cross-Site Scripting (XSS)

Published

2019-04-22

Title

WP Database Backup < 5.1.2 - XSS

Published

2014-08-01

Title

DZS Video Gallery - deploy/preview_skin_overlay.swf logoLink Parameter Reflected XSS

Published

2018-07-16

Title

Anycomment < 0.0.33 - XSS