@IthacaLabs
Last active December 22, 2021 11:38
CVE-2021-3327
Description:
Ovation Dynamic Content Elementor 1.10.1 allows an XSS attack via the "post_title" parameter.
Vulnerability Type:
Cross Site Scripting (XSS)
Product Vendor:
Ovation S.r.l
Affected Product:
Dynamic Content for Elementor version 1.10.1
Affected Component:
<input class="elementor-field elementor-field-textual elementor-size-lg" type="text" placeholder="" value="\"><script>alert(document.cookie)</script><\"" name="post_title" id="dce_view_f9fc119_post_title">
Attack Type:
Remote
CVE Impact:
JavaScript code execution, session hijacking, access control bypass, and CSRF attacks.
Attack Vector:
This flaw exists because a user-controlled parameter value is not properly sanitized and validated before it is interpreted by the web application.
Reference:
https://www.dynamic.ooo/
Discoverer:
IthacaLabs at Odyssey CyberSecurity
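
Added example, not part of the original advisory and not the plugin's code: a regression check for the flaw described under Attack Vector, showing the "post_title" value breaking out of the value attribute when written raw and staying inside it when attribute-encoded. The render functions are hypothetical stand-ins (the plugin's PHP is not shown on this page), and the sample value is constructed from the payload under Affected Component.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample input, modelled on the payload shown under
# "Affected Component" in the advisory.
PAYLOAD = '"><script>alert(document.cookie)</script><"'

def render_vulnerable(post_title):
    """Hypothetical stand-in for the flawed output: value concatenated raw."""
    return '<input type="text" name="post_title" value="' + post_title + '">'

def render_fixed(post_title):
    """Same field with attribute-context encoding of &, <, >, and quotes."""
    return ('<input type="text" name="post_title" value="'
            + escape(post_title, quote=True) + '">')

class FieldAudit(HTMLParser):
    """Records every start tag the parser sees and the parsed field value."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        attrs = dict(attrs)
        if tag == "input" and attrs.get("name") == "post_title":
            self.value = attrs.get("value")

def audit(markup):
    """Return (start tags seen, parsed post_title value) for rendered markup."""
    parser = FieldAudit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.value

def is_contained(markup, submitted):
    """True only if the markup is one <input> whose value round-trips intact."""
    tags, value = audit(markup)
    return tags == ["input"] and value == submitted

if __name__ == "__main__":
    for name, render in (("raw", render_vulnerable), ("encoded", render_fixed)):
        tags, value = audit(render(PAYLOAD))
        print(name, "tags:", tags, "contained:", is_contained(render(PAYLOAD), PAYLOAD))
```

In a WordPress plugin the corresponding output-encoding call for an attribute value is `esc_attr()`.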