DiveBook <= 1.1.4 – Unauthenticated Reflected XSS | CVE 2020-14206

Description

:A reflected Cross-Site Scripting vulnerability exists within the DiveBook log's filter functionality. Arbitrary URL parameters are reflected into the application's response, rendered by the browser as HTML or JavaScript. An attacker may abuse this functionality by sending a victim a crafted link containing JavaScript, which will execute within the context of the victim's browser. The "scrolled" parameter is also vulnerable."

Note (WPScanTeam): The attack will only work with web browsers not encoding URL parameters

Proof of Concept

The PoC will be displayed once the issue has been remediated.

Affects Plugins

divebook

No known fix

References

CVE

CVE-2020-14206

URL

https://www.hooperlabs.xyz/disclosures/divebook.php

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.1 (low)

Miscellaneous

Original Researcher

Hooper Labs

Verified

Yes

WPVDB ID

533d3ce1-c31d-4b81-bbc5-1451e5abd962

Timeline

Publicly Published

2020-12-09 (about 3 years ago)

Added

2020-12-09 (about 3 years ago)

Last Updated

2020-12-10 (about 3 years ago)

Other

Published

Title

Published

2019-09-05

Title

WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation

Published

2021-09-28

Title

Connections Business Directory < 10.4.3 - Admin+ Stored Cross-Site Scripting

Published

2023-01-03

Title

Bold Timeline Lite < 1.1.5 - Contributor+ Stored XSS via Shortcode

Published

2024-05-09

Title

HTML5 Audio Player- Best WordPress Audio Player Plugin < 2.2.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

Published

2023-01-20

Title

WPMobile.App < 11.14 - Contributor+ Stored XSS