WordPress MapifyLite 3.3 Cross Site Scripting ≈ Packet Storm – Digitalmunition




Exploit/Advisories no-image-featured-image.png

Published on March 25th, 2021 📆 | 4429 Views ⚑

0

WordPress MapifyLite 3.3 Cross Site Scripting ≈ Packet Storm

#Title : MapifyLite WordPress Plugins Stored XSS Injection
#Date : 24/03/2021
#Author : Eagle Eye
#Vendor Homepage : https://mapifypro.com/product/mapifylite/
#Version Affected : 3.3 and below
#Tested on : Google Chrome
#XSS vulnerability from Map settings & locations

#1. Login user
#2. Go to add map settins/locations
#3. Put XSS payload at image pin url / image gallery url

#payload
http://localhost/">

Source link

Tagged with:



Leave a Reply