HTML5 Responsive FAQ <= 2.8.5 – Admin+ Stored Cross-Site Scripting | CVE 2021-24995 | Plugin Vulnerabilities

Description

The plugin does not properly sanitise and escape some of its settings, which could allow a high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed

Proof of Concept

Put the following payload in the "Text size of answer (in pixels)" settings: </style><script>alert('XSS');</script>

The XSS will be triggered in the footer of all frontend pages

Affects Plugins

html5-responsive-faq

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

José Aguilera

Submitter

José Aguilera

Submitter website

https://jsgm.dev

Verified

Yes

WPVDB ID

3caf0de0-57f2-4c87-8713-d00a7db9eeef

Timeline

Publicly Published

2021-11-23 (about 2 years ago)

Added

2022-02-15 (about 2 years ago)

Last Updated

2022-04-08 (about 2 years ago)

Other

Published

Title

Published

2023-05-22

Title

Rank Math SEO PRO < 3.0.36 - Unauthenticated Reflected XSS

Published

2021-09-29

Title

Modern Events Calendar Lite < 5.22.3 - Authenticated Stored Cross Site Scripting

Published

2014-08-01

Title

fbsurveypro - XSS

Published

2021-08-25

Title

Block and Stop Bad Bots < 6.62 - Reflected Cross-Site Scripting

Published

2019-08-20

Title

Additional Variation Images for WooCommerce < 1.1.29 - Authenticated Stored XSS