[wp-trac] [WordPress Trac] #43622: Vulnerability : Cross-site_Scripting_(XSS)
WordPress Trac
noreply at wordpress.org
Fri Mar 23 18:18:22 UTC 2018
#43622: Vulnerability : Cross-site_Scripting_(XSS)
--------------------------+-----------------------------
 Reporter:  sajibekanti   |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:  4.9.4
 Severity:  critical      |   Keywords:  bug
  Focuses:  Security      |
--------------------------+-----------------------------
Hi
My Name Is Sajibe Kanti
Affected Version: WordPress 4.9.4
Vulnerability : Cross-site_Scripting_(XSS)
Steps To Reproduce :
1. Log In To Your WordPress Admin Panel
2. Now Click Dashboard
3. Now Click / Go To WordPress Events And News
4. Now Enter This Payload In City Box : "><img src=1 onerror=prompt(document.cookie);>
5. Now You Can See XSS with Cookies
See PoC Pic
http://prntscr.com/ivfqfu
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43622>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform