[wp-trac] [WordPress Trac] #43622: Vulnerability : Cross-site_Scripting_(XSS)

WordPress Trac noreply at wordpress.org
Fri Mar 23 18:18:22 UTC 2018


#43622: Vulnerability : Cross-site_Scripting_(XSS)
--------------------------+-----------------------------
 Reporter:  sajibekanti   |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:  4.9.4
 Severity:  critical      |   Keywords:  bug
  Focuses:  Security      |
--------------------------+-----------------------------
 Hi

 My Name Is Sajibe Kanti


 Affected Version: WordPress 4.9.4

 Vulnerability: Cross-site_Scripting_(XSS)


 Steps to Reproduce:

 1. Log in to your WordPress admin panel
 2. Now click Dashboard
 3. Now click / go to WordPress Events and News
 4. Now enter this payload in the City box: "><img src=1 onerror=prompt(document.cookie);>
 5. Now you can see XSS with cookies

 See PoC Pic

 http://prntscr.com/ivfqfu

--
Ticket URL: <https://core.trac.wordpress.org/ticket/43622>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

