[wp-trac] [WordPress Trac] #61917: XSS Vulnerability in Webempresa Hosting Panel

WordPress Trac noreply at wordpress.org
Fri Aug 23 15:44:22 UTC 2024 

#61917: XSS Vulnerability in Webempresa Hosting Panel
-----------------------------------------------+---------------------------
 Reporter:  luu176                             |      Owner:  (none)
     Type:  defect (bug)                       |     Status:  new
 Priority:  normal                             |  Milestone:  Awaiting
                                               |  Review
Component:  Login and Registration             |    Version:  2.2.2
 Severity:  normal                             |   Keywords:  needs-patch
  Focuses:  ui, accessibility, administration  |
-----------------------------------------------+---------------------------
 I am writing to report a Cross-Site Scripting (XSS) vulnerability I
 discovered in the login panel of Webempresa's hosting service. The
 vulnerability occurs when attempting to log in, where the username field
 is not properly sanitized, allowing for HTML code injection.

 For example, by setting the username to "><iframe src="x">, an error is
 triggered, resulting in the execution of the embedded HTML code, such as
 the iframe pop-up appearing on the page.

 **Additional Information:**

 - This vulnerability has been confirmed on the following panel:
 https://cp7159.webempresa.eu:2443/login.
 - The vulnerability was tested on version 2.2.28 of the login panel.

 **Vulnerability Type:**
 Cross-Site Scripting (XSS)

 **Vendor of Product:**
 Webempresa.eu

 **Affected Product Code Base:**
 Login panel of hosting - Version: 2.2.28

 **Affected Component:**
 Login panels

 **Attack Type:**
 Remote

 **Impact Code Execution:**
 True

 **Attack Vectors:**
 XSS through the username field using malicious input like "><iframe
 src="x">.

 **Reference:**
 https://cp7159.webempresa.eu:2443/login

 **Discoverer:**
 Aidan Nakache

 **I was advised by the CVE program in my request (scr1707505) to contact
 the WordPress CNA to report this issue and obtain a CVE ID. Please let me
 know if any additional information is required. Thank you for your
 attention to this matter.**

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/61917>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list