mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-02 04:25:08 +02:00
marc
1.1 KiB
1.1 KiB
CVE-2021-24201
&color=brighgreen)
Description
In the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.
POC
Reference
Github
No PoCs found on GitHub currently.