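# Sassy Social Share <= 3.3.3 - Reflected Cross-Site Scripting Vulnerability
## Vulnerability overview
The Sassy Social Share plugin has a reflected cross-site scripting (XSS) vulnerability. It is triggered through the `urls` parameter of the `heateor_sss_sharing_count` AJAX action and is caused by insufficient input sanitization and output escaping.
## Affected versions
3.3.3 and earlier
## Vulnerability details
The vulnerability can be triggered through the `urls` parameter of the `heateor_sss_sharing_count` AJAX action. Untrusted input is not sufficiently sanitized and escaped, which allows an attacker to inject arbitrary web scripts.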
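A log-triage heuristic for the request shape described above, as an added example that is not part of the original advisory or the plugin's code: it flags `admin-ajax.php` requests with `action=heateor_sss_sharing_count` whose `urls` parameter decodes to markup characters. The log lines, the character set and the function names are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

ACTION = "heateor_sss_sharing_count"  # AJAX action named in the advisory
MARKUP = re.compile(r"[<>\"']")       # assumed heuristic: not expected in a shared URL
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=heateor_sss_sharing_count&urls%5B%5D=https%3A%2F%2Fexample.com%2Fpost-1%2F'
    ' HTTP/1.1" 200 85 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Jan/2024:10:00:09 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=heateor_sss_sharing_count&urls%5B%5D=%3Cb%3Emarker%3C%2Fb%3E'
    ' HTTP/1.1" 200 91 "-" "Mozilla/5.0"',
    '192.0.2.50 - - [10/Jan/2024:10:00:15 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=heartbeat&urls%5B%5D=%3Cb%3Emarker%3C%2Fb%3E'
    ' HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
]

def suspicious_urls(request_target):
    """Return decoded `urls` key=value pairs that contain markup characters."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/admin-ajax.php"):
        return []
    # parse_qsl percent-decodes keys and values, so urls%5B%5D becomes urls[]
    params = parse_qsl(parts.query, keep_blank_values=True)
    if ("action", ACTION) not in params:
        return []
    return [f"{k}={v}" for k, v in params
            if k.split("[")[0] == "urls" and MARKUP.search(k + v)]

def scan(lines):
    """Return (client_ip, flagged_pairs) for every log line worth reviewing."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        flagged = suspicious_urls(match.group(1))
        if flagged:
            hits.append((line.split()[0], flagged))
    return hits

if __name__ == "__main__":
    for client, flagged in scan(SAMPLE_LOG):
        print(client, flagged)
```

Access logs record only the query string, so a request that carries `urls` in a POST body needs the same check applied at a WAF or request-logging layer.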
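## Impact
An unauthenticated attacker can, for example by tricking a user into clicking a malicious link, have the injected script execute in the page, resulting in a reflected cross-site scripting attack.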
| # | POC description | Source link | Shenlong link |
|---|---|---|---|
| 1 | The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-4971.yaml | POC details |