Brizy Page Builder < 2.4.2 – Contributor+ Stored Cross-Site Scripting via Element URL | CVE 2022-2040 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks

Proof of Concept

As a contributor or above, create a post using Brizy editor, add an Icon or Button element and put the following payload in the "Link to" setting: ";</script><script>alert("XSS")</script>

The XSS will be triggered when viewing/previewing the post (for example when an admin reviews it)

Affects Plugins

Fixed in 2.4.2

References

CVE

URL

https://www.fortiguard.com/zeroday/FG-VD-21-111

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Vishnupriya ilango

Submitter

Vishnupriya ilango

Submitter website

https://www.fortiguard.com/zeroday

Verified

Yes

WPVDB ID

ab53a70c-57d5-400f-b11f-b1b7b2b0cf01

Timeline

Publicly Published

2022-06-21 (about 1 years ago)

Added

2022-06-21 (about 1 years ago)

Last Updated

2023-03-27 (about 1 years ago)

Other

Published

Title

Published

2016-04-26

Title

Gnucommerce < 0.5.7-beta - XSS

Published

2019-07-27

Title

Animate It < 2.3.6 - XSS

Published

2019-06-26

Title

WP Ultimate Recipe <= 3.12.6 - Authenticated Stored XSS

Published

2021-09-20

Title

Gutenberg PDF Viewer Block < 1.0.1 - Contributor+ Stored Cross-Site Scripting

Published

2024-03-25

Title

Frontend Dashboard < 2.2.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting