Smart Slider 3 < 3.5.0.9 – Authenticated Stored Cross-Site Scripting (XSS) | CVE 2021-24382

Description

The plugin did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesser privileged users to access the plugin's functionality, in which case, privilege escalation could be performed.

Proof of Concept

Goto Dashboard -> New Project and enter a JavaScript payload within the Name field (projectName parameter), such as <script>alert(/XSS/)</script>

Affects Plugins

smart-slider-3

Fixed in 3.5.0.9

nextend-smart-slider3-pro

Fixed in 3.5.0.9

References

CVE

CVE-2021-24382

Exploitdb

49958

URL

https://packetstormsecurity.com/files/#162991/

URL

https://smartslider.helpscoutdocs.com/article/1746-changelog

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

4.8 (medium)

Miscellaneous

Original Researcher

Hardik Solanki, blackangel

Verified

Yes

WPVDB ID

7b32a282-e51f-4ee5-b59f-5ba10e62a54d

Timeline

Publicly Published

2021-06-07 (about 2 years ago)

Added

2021-06-10 (about 2 years ago)

Last Updated

2022-01-17 (about 2 years ago)

Other

Published

Title

Published

2023-11-21

Title

EventPrime – Modern Events Calendar, Bookings and Tickets < 3.3.3 - Contributor+ Stored XSS

Published

2017-03-01

Title

WP-Filebase Download Manager - Authenticated Cross-Site Scripting (XSS)

Published

2023-08-11

Title

WP 404 Auto Redirect to Similar Post < 1.0.4 - Admin+ Stored XSS

Published

2014-08-01

Title

Traffic Analyzer 3.3.2 - js/ta_loaded.js.php aoid Parameter XSS

Published

2023-03-27

Title

Gallery by BestWebSoft < 4.7.0 - Author+ Stored Cross-Site Scripting