Last active
December 23, 2020 07:23
Vulnerability Name: Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups for LearnDash before v3.7
Registered: CVE-2020-35650
Discoverers:
Michael Ritter
Vendor of Product:
Uncanny Owl
Affected Product Code Base:
Uncanny Groups for LearnDash before 3.7
Attack Type:
Remote
Vulnerability Type:
Cross-Site Scripting (XSS)
Vulnerability Impact:
Code Execution, Information Disclosure
Attack Vector:
To exploit this vulnerability, a user must navigate to the Uncanny Groups for LearnDash plugin.
Description:
Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via:
- ulgm_code_redeem POST Parameter in user-code-redemption.php
- ulgm_user_first POST Parameter in user-registration-form.php
- ulgm_user_last POST Parameter in user-registration-form.php
- ulgm_user_email POST Parameter in user-registration-form.php
- ulgm_code_registration POST Parameter in user-registration-form.php
- ulgm_terms_conditions POST Parameter in user-registration-form.php
- _ulgm_total_seats POST Parameter in frontend-uo_groups_buy_courses.php
- uncanny_group_signup_user_first POST Parameter in group-registration-form.php
- uncanny_group_signup_user_last POST Parameter in group-registration-form.php
- uncanny_group_signup_user_login POST Parameter in group-registration-form.php
- uncanny_group_signup_user_email POST Parameter in group-registration-form.php
- success-invited GET Parameter in frontend-uo_groups.php
- bulk-errors GET Parameter in frontend-uo_groups.php
- message GET Parameter in frontend-uo_groups.php
Reporting Timeline:
28/02/2020: Vulnerability was reported to Uncanny Owl
08/06/2020: Vulnerability patched with the release of Uncanny Groups for LearnDash 3.7
22/12/2020: CVE registered
23/12/2020: Public disclosure
Remediated Product Version:
Uncanny Groups for LearnDash 3.7
Reference:
https://www.uncannyowl.com/knowledge-base/uncanny-learndash-groups-changelog/
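
A log-triage sketch for the three GET parameters listed in the description, added here as an example and not part of the original advisory or the plugin's code. It assumes Combined Log Format access logs; the `/group-management/` path and all sample lines are constructed. The POST parameters are not covered because request bodies do not appear in standard access logs.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# GET parameters named in the advisory (frontend-uo_groups.php).
REFLECTED_GET_PARAMS = {"success-invited", "bulk-errors", "message"}
# Heuristic: markup characters are not expected in these status values.
MARKUP = re.compile(r'[<>"]')
# Request field of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <), bounded to `rounds`."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for advisory parameters carrying markup."""
    m = REQUEST.search(log_line)
    if not m or m.group("method") != "GET":
        return []
    hits = []
    query = urlsplit(m.group("target")).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        value = fully_decode(value)
        if name in REFLECTED_GET_PARAMS and MARKUP.search(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Return [(line_number, (param, value))] over an iterable of log lines."""
    return [(i, h) for i, line in enumerate(lines, 1) for h in suspicious_params(line)]

# Constructed sample lines; the /group-management/ path is hypothetical.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Mar/2020:10:00:00 +0000] "GET /group-management/?message=Users+added HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Mar/2020:10:01:00 +0000] "GET /group-management/?message=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5200',
    '203.0.113.9 - - [01/Mar/2020:10:02:00 +0000] "GET /group-management/?bulk-errors=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5200',
    '203.0.113.7 - - [01/Mar/2020:10:03:00 +0000] "GET /search/?q=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for lineno, (param, value) in scan(SAMPLE_LOG):
        print(f"line {lineno}: {param} = {value!r}")
```

A hit shows that a request carrying markup in one of these parameters was logged, not that it rendered; sites on the remediated version 3.7 are patched against these parameters.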