The plugin does not sanitise or escape the Audit Name field when creating an audit, allowing high-privilege users to set JavaScript payloads in it, even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue.
Create an audit with the following payload in the Audit Name field: "><img src onerror=alert(/XSS/)>
Then view the 'All Audit' or 'Dashboard' pages of the plugin to trigger the XSS.
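The missing output escaping, shown beside a corrected form. This is an added example, not the plugin's own code: the render helpers and the `audit_name` field name are hypothetical, and it assumes the stored name is echoed inside an attribute value, as the `">` prefix of the payload suggests.

```php
<?php
// Stand-ins so this file runs outside WordPress. Inside WordPress the real
// esc_attr() and sanitize_text_field() are already defined and used instead.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field($text) {
        // Simplified: strips tags and collapses whitespace only.
        return trim(preg_replace('/\s+/', ' ', strip_tags((string) $text)));
    }
}

// Before (hypothetical): the stored value is concatenated into the markup as-is.
function render_audit_name_unsafe($name) {
    return '<input type="text" name="audit_name" value="' . $name . '">';
}

// After (hypothetical): the value is escaped for the attribute context on output.
function render_audit_name_safe($name) {
    return '<input type="text" name="audit_name" value="' . esc_attr($name) . '">';
}

// Parse the markup the way a browser would and count elements of one type,
// so an injected element shows up as a structural change, not a string match.
function count_tags($html, $tag) {
    libxml_use_internal_errors(true); // tolerate HTML fragments without warnings
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    return $doc->getElementsByTagName($tag)->length;
}

$payload = '"><img src onerror=alert(/XSS/)>'; // string from the proof of concept above

printf("unsafe render: %d img element(s)\n", count_tags(render_audit_name_unsafe($payload), 'img'));
printf("safe render:   %d img element(s)\n", count_tags(render_audit_name_safe($payload), 'img'));

// Sanitising on save removes the tag but leaves the quote character behind,
// so the output still has to be escaped wherever the name is displayed.
$stored = sanitize_text_field($payload);
printf("stored value:  %s\n", var_export($stored, true));
printf("stored + safe: %s\n", render_audit_name_safe($stored));
```

Because the input filter is bypassed by any value written before the fix or by another code path, escaping at every output site is the control that closes the issue regardless of the unfiltered_html setting.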
Akash Rajendra Patil
Akash Rajendra Patil
Yes
2021-07-19
2021-07-19
2022-04-12