Last active: December 22, 2021 11:38
CVE-2021-3327
| Field | Value |
| --- | --- |
| CVE ID | CVE-2021-3327 |
| Description | Ovation Dynamic Content Elementor 1.10.1 allows an XSS attack via the "post_title" parameter. |
| Vulnerability Type | Cross Site Scripting (XSS) |
| Product Vendor | Ovation S.r.l |
| Affected Product | Dynamic content for elementor version 1.10.1 |
| Affected Component | `<input class="elementor-field elementor-field-textual elementor-size-lg" type="text" placeholder="" value="\"><script>alert(document.cookie)</script><\"" name="post_title" id="dce_view_f9fc119_post_title">` |
| Attack Type | Remote |
| CVE Impact | JavaScript code execution, session hijacking, access controls bypass, and CSRF attacks. |
| Attack Vector | This flaw exists due to improper sanitization and validation of a user-controlled parameter value that is reflected into the page and interpreted by the web application. |
| Reference | https://www.dynamic.ooo/ |
| Discoverer | IthacaLabs at Odyssey CyberSecurity |
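The attack vector above comes down to one rendering mistake: the `post_title` value is written into the `value="..."` attribute of the `<input>` element without attribute-context escaping, so a value containing `">` closes the attribute and the tag and whatever follows is parsed as new markup. The following Python script is an added illustration written for this page, not code from the Dynamic Content for Elementor plugin (which is PHP; the equivalent fix there is to wrap the value in `esc_attr()`). It renders the same `<input>` element two ways, unsafe and escaped, feeds the reported payload through both, and parses the result with the standard-library HTML parser to show which elements a browser would actually see. The function names and the `analyse` report format are assumptions of this example.

```python
import html
from html.parser import HTMLParser

# Constructed sample value: the reflected post_title the advisory shows inside
# the affected <input> element (a quote/angle-bracket breakout).
SAMPLE_POST_TITLE = '"><script>alert(document.cookie)</script><"'

# Fixed markup around the value, mirroring the element named in the advisory.
_PREFIX = ('<input class="elementor-field elementor-field-textual elementor-size-lg" '
           'type="text" placeholder="" value="')
_SUFFIX = '" name="post_title" id="dce_view_f9fc119_post_title">'


def render_input_unsafe(post_title: str) -> str:
    """Vulnerable pattern: the user-controlled value is concatenated straight
    into an HTML attribute, so a leading double quote ends the attribute."""
    return _PREFIX + post_title + _SUFFIX


def render_input_escaped(post_title: str) -> str:
    """Hardened pattern: escape for the attribute context before output.
    html.escape(quote=True) turns " into &quot; and <, > into &lt;, &gt;,
    so the value can never leave the attribute (esc_attr() does this in WordPress)."""
    return _PREFIX + html.escape(post_title, quote=True) + _SUFFIX


class _TagCollector(HTMLParser):
    """Records every start tag seen and the value attribute of each <input>."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.input_values = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_values.append(dict(attrs).get("value"))


def analyse(markup: str) -> dict:
    """Parse the markup as a browser would and report what it contains.
    script_injected is True when a <script> element appears anywhere in the
    output, i.e. the reflected value escaped its attribute context."""
    parser = _TagCollector()
    parser.feed(markup)
    parser.close()
    return {
        "tags": parser.tags,
        "script_injected": "script" in parser.tags,
        # The parser decodes entities, so an escaped value round-trips intact.
        "input_value": parser.input_values[0] if parser.input_values else None,
    }


if __name__ == "__main__":
    for label, renderer in (("unsafe", render_input_unsafe),
                            ("escaped", render_input_escaped)):
        report = analyse(renderer(SAMPLE_POST_TITLE))
        print(f"{label:8s} tags={report['tags']} script_injected={report['script_injected']}")
```

With the unsafe renderer the parser reports `['input', 'script']`: the attribute closed at the injected quote and the `<script>` element became a real child of the page. With the escaped renderer it reports `['input']` only, and the decoded `value` attribute still equals the original string, which is the behaviour a text field should have: the data is preserved, the markup is not. The same context-aware escaping is the correct remediation for every place a plugin echoes request data into attributes, not just this one field.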