Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#47910 closed enhancement (invalid)

Stored Xss

Reported by: wildfighter0481's profile wildfighter0481 Owned by:
Milestone: Priority: normal
Severity: normal Version: 5.2.2
Component: General Keywords:
Focuses: Cc:

Description

Description:
XSS (Cross-Site Scripting) allows an attacker to execute a dynamic script (Javascript, VbScript) in the context of the application. This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the user's credentials. This happens because the input entered by a user has been interpreted as HTML/Javascript/VbScript by the browser.

Step To Reproduce:

1) Select theme from theme store i choose social-care-lite theme
2) Go to menus options and add menus
3) then change menus name to <script>alert(555)</script>
4) publish page and refresh it
5) and execute xss

Attachments (2)

xss 2.PNG (50.2 KB) - added by wildfighter0481 4 years ago.
xss 1.PNG (85.0 KB) - added by wildfighter0481 4 years ago.

Download all attachments as: .zip

Change History (3)

@wildfighter0481
4 years ago

@wildfighter0481
4 years ago

#1 @audrasjb
4 years ago

  • Keywords new removed
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Hi and welcome on WordPress Trac,

Security related tickets should not be reported on Trac but on HackerOne. You probably missed it but there was an information message about that in the "new trac ticket" screen.

Worth noting this is not a real security issue since administrators or editors are able to post arbitrary JavaScript.

Note: See TracTickets for help on using tickets.