Car Rental System <= 1.3 - Unauthenticated Stored Cross-Site Scripting (XSS)



Description
An unauthenticated user can inject malicious JavaScript via the booking form, specifically in the new user details. The XSS payload is then executed when an authenticated administrator user views the booking on the booking-list and cust-lookup pages.
Proof of Concept
Inject XSS via most fields in the booking form, which will then be executed on the booking-list and cust-lookup admin pages, when viewed by an authenticated administrator.

Affects Plugin

no known fix

References

PacketStorm 157118
URL https://codecanyon.net/item/car-rental-system-wordpress-plugin/4239755

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher @ThelastVvV
Views 1177
Verified No
WPVDB ID 10172

Timeline

Publicly Published 2020-04-05 (about 2 months ago)
Added 2020-04-09 (about 2 months ago)
Last Updated 2020-04-12 (about 1 month ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin