fkie_cve-2020-28707
Vulnerability from fkie_nvd
Published
2021-01-19 22:15
Modified
2024-11-21 05:23
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdio_chart_historical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage() event is not validated. The stockdio_eventer function listens for any postMessage event. After a message event is sent to the application, this function sets the "e" variable as the event and checks that the types of the data and data.method are not undefined (empty) before proceeding to eval the data.method received from the postMessage. However, on a different website. JavaScript code can call window.open for the vulnerable WordPress instance and do a postMessage(msg,'*') for that object.
References
cve@mitre.orghttp://stockdio.comVendor Advisory
cve@mitre.orghttps://jondow.eu/cve-2020-28707-xss-in-stockdio-historical-chart-plugin-for-wordpress-before-version-281/Exploit, Third Party Advisory
cve@mitre.orghttps://wordpress.org/plugins/stockdio-historical-chart/#developersRelease Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://stockdio.comVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jondow.eu/cve-2020-28707-xss-in-stockdio-historical-chart-plugin-for-wordpress-before-version-281/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://wordpress.org/plugins/stockdio-historical-chart/#developersRelease Notes, Third Party Advisory
Impacted products
Vendor Product Version
stockdio stockdio_historical_chart *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:stockdio:stockdio_historical_chart:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "593F6C25-64BE-4733-A6AB-39B3A8046F75",
              "versionEndExcluding": "2.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdio_chart_historical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage() event is not validated. The stockdio_eventer function listens for any postMessage event. After a message event is sent to the application, this function sets the \"e\" variable as the event and checks that the types of the data and data.method are not undefined (empty) before proceeding to eval the data.method received from the postMessage. However, on a different website. JavaScript code can call window.open for the vulnerable WordPress instance and do a postMessage(msg,\u0027*\u0027) for that object."
    },
    {
      "lang": "es",
      "value": "El plugin Stockdio Historical Chart versiones anteriores a 2.8.1 para WordPress, est\u00e1 afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS) por medio del archivo stockdio_chart_historical-wp.js en wp-content/plugins/stockdio-historical-chart/assets/ debido a que el origen de un evento postMessage() no est\u00e1 comprobado.\u0026#xa0;La funci\u00f3n stockdio_eventer escucha cualquier evento postMessage.\u0026#xa0;Despu\u00e9s que un evento de mensaje es enviado a la aplicaci\u00f3n, esta funci\u00f3n establece la variable \"e\" como evento y comprueba que los tipos de datos y el m\u00e9todo de datos no est\u00e9n indefinidos (vac\u00edos) antes de proceder a evaluar el m\u00e9todo de datos recibido del postMessage.\u0026#xa0;Sin embargo, en un sitio web diferente.\u0026#xa0;El c\u00f3digo JavaScript puede llamar a window.open para la instancia vulnerable de WordPress y hacer un postMessage(msg,\u0027*\u0027) para ese objeto"
    }
  ],
  "id": "CVE-2020-28707",
  "lastModified": "2024-11-21T05:23:08.540",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-19T22:15:12.537",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://stockdio.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://jondow.eu/cve-2020-28707-xss-in-stockdio-historical-chart-plugin-for-wordpress-before-version-281/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://wordpress.org/plugins/stockdio-historical-chart/#developers"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://stockdio.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://jondow.eu/cve-2020-28707-xss-in-stockdio-historical-chart-plugin-for-wordpress-before-version-281/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://wordpress.org/plugins/stockdio-historical-chart/#developers"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.