Description

This script is possibly vulnerable to client side template injection attacks.

Client side template injection is a vulnerability similar to cross site scripting that allows an attacker to send malicious code (usually in the form of JavaScript) to another user. The injected code is executed by the client side templating and allows the attacker to take control of the victim's browser.

Remediation

Apply context-dependent encoding and/or validation to user input rendered on a page

References

HackTricks

Blackhat

Related Vulnerabilities

WordPress Plugin Mailster-Email Newsletter for WordPress Cross-Site Scripting (2.4.5.1)

WordPress Plugin Power Charts-Responsive Beautiful Charts & Graphs Cross-Site Scripting (0.1.0)

WordPress Plugin Calendar by WD-Responsive Event Calendar for WordPress Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.3.0)

WordPress Plugin Yoast SEO Cross-Site Scripting (5.7.1)

WordPress Plugin All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs-My Sticky Elements Cross-Site Scripting (2.0.3)

Severity

High

Classification

CWE-116 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Tags

XSS Csti Deepscan