QwikSec

Security Database

CVE

CWE

Training

CVE-2019-19133

Published: Dec 4, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a csshero_action=edit_page request because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary JavaScript in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookies or launch other attacks.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20191203 Reflected XSS in CSS Hero (v.4.0.3)

mailing-list

x_refsource_FULLDISC

http://seclists.org/fulldisclosure/2019/Dec/6

x_refsource_MISC

https://wpvulndb.com/vulnerabilities/9966

x_refsource_MISC

http://packetstormsecurity.com/files/155558/WordPress-CSS-Hero-4.0.3-Cross-Site-Scripting.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.