Last active
December 22, 2020 20:26
Vulnerability Name: Multiple cross-site scripting (XSS) vulnerabilities in Tin Canny Reporting for LearnDash
Registered: CVE-2020-9439
Discoverers:
Michael Ritter
Vendor of Product:
Uncanny Owl
Affected Product Code Base:
Uncanny Owl Tin Canny LearnDash Reporting before 3.4.4
Attack Type:
Remote
Vulnerability Type:
Cross-Site Scripting (XSS)
Vulnerability Impact:
Code Execution, Information Disclosure
Attack Vector:
To exploit this vulnerability, a user must navigate to the Uncanny Owl Tin Canny LearnDash Reporting plugin.
Description:
Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Owl - Tin Canny LearnDash Reporting 3.3.7 allow authenticated remote attackers to inject arbitrary web script or HTML via:
- search_key GET Parameter in TinCan_Content_List_Table.php
- message GET Parameter in licensing.php
- tc_filter_group in reporting-admin-menu.php
- tc_filter_user in reporting-admin-menu.php
- tc_filter_course in reporting-admin-menu.php
- tc_filter_lesson in reporting-admin-menu.php
- tc_filter_module in reporting-admin-menu.php
- tc_filter_action in reporting-admin-menu.php
- tc_filter_data_range in reporting-admin-menu.php
- tc_filter_data_range_last in reporting-admin-menu.php
Reporting Timeline:
28/02/2020: Vulnerability registered
28/02/2020: Vulnerability was reported to Uncanny Owl
19/08/2020: Vulnerability patched with the release of Tin Canny Reporting for LearnDash 3.4.4
22/12/2020: Public disclosure
Remediated Product Version:
Uncanny Owl Tin Canny LearnDash Reporting 3.4.4
Reference:
https://www.uncannyowl.com/knowledge-base/tin-canny-learndash-reporting-changelog/
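
Added example, not part of the original advisory or the plugin's code: a log triage check for sites that ran a version before 3.4.4, flagging requests in which any parameter named in the Description carries HTML markup characters. The log lines, the `page=EXAMPLE` slug and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameter names copied from the advisory's list.
ADVISORY_PARAMS = {
    "search_key", "message", "tc_filter_group", "tc_filter_user",
    "tc_filter_course", "tc_filter_lesson", "tc_filter_module",
    "tc_filter_action", "tc_filter_data_range", "tc_filter_data_range_last",
}
# Characters that let a value leave HTML text or a quoted attribute.
MARKUP = re.compile(r"[<>\"'`]")
# Request line of a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; "page=EXAMPLE" is a placeholder, not the plugin's slug.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Mar/2020:10:00:00 +0000] "GET /wp-admin/admin.php?page=EXAMPLE&tc_filter_user=42 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Mar/2020:10:00:05 +0000] "GET /wp-admin/admin.php?page=EXAMPLE&search_key=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5300',
    '203.0.113.9 - - [01/Mar/2020:10:01:00 +0000] "GET /wp-admin/admin.php?page=EXAMPLE&message=Licence+saved HTTP/1.1" 200 4100',
    '203.0.113.9 - - [01/Mar/2020:10:01:09 +0000] "GET /wp-admin/admin.php?page=EXAMPLE&tc_filter_course=%253Ci%253E HTTP/1.1" 200 5290',
]


def suspicious_params(log_line):
    """Return sorted (param, decoded_value) pairs whose value contains markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    hits = []
    query = urlsplit(m.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        decoded = unquote(value)
        if name in ADVISORY_PARAMS and MARKUP.search(decoded):
            hits.append((name, decoded))
    return sorted(hits)


def scan(lines):
    """Return (line_index, hits) for every line with at least one hit."""
    return [(i, h) for i, line in enumerate(lines) if (h := suspicious_params(line))]


if __name__ == "__main__":
    for i, hits in scan(SAMPLE_LOG):
        print(i, hits)
```

`search_key` and `message` are common parameter names and apostrophes occur in legitimate search terms, so treat hits as leads to review rather than confirmed injection attempts.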