Highlight < 0.9.3 – Authenticated Stored Cross-Site Scripting | CVE 2021-24591 | Plugin Vulnerabilities

Description

The plugin does not sanitise its CustomCSS setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Proof of Concept

Tick the "Enable Highlight" setting of the plugin, and put the following payload in the CustomCSS setting as well: </style><script>alert(/XSS-aaa/)</script>

Then visit the homepage to trigger the XSS

https://github.com/xiahao90/CVEproject/blob/main/wordpress_Highlight_XSS.md

Affects Plugins

Fixed in 0.9.3

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

xiahao@webray.com.cn inc

Submitter

xiahao@webray.com.cn inc

Submitter twitter

lAmn9V6MU9Dfb8p

Verified

Yes

WPVDB ID

c5cbe3b4-2829-4fd2-8194-4b3a2ae0e257

Timeline

Publicly Published

2021-08-06 (about 2 years ago)

Added

2021-08-06 (about 2 years ago)

Last Updated

2022-02-24 (about 2 years ago)

Other

Published

Title

Published

2023-01-13

Title

Map Multi Marker <= 3.2.1 - Reflected Cross-Site Scripting

Published

2022-01-12

Title

Quiz And Survey Master < 7.3.7 - Reflected Cross-Site Scripting

Published

2021-12-14

Title

Simple Image Gallery <= 1.0.6 - Reflected Cross-Site Scripting

Published

2022-01-26

Title

WordPress GDPR & CCPA < 1.9.27 - Unauthenticated Reflected Cross-Site Scripting

Published

2021-07-15

Title

Form Maker < 1.13.60 - Authenticated Stored XSS