The plugin does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue.
The issue was initially fixed in 3.1.4, but was re-introduced in 3.2.0.
https://example.com/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoibnVsbCIsImh0bWwiOiI8c2NyaXB0PmFsZXJ0KCd4c3MnKTwvc2NyaXB0PiJ9
The base64 string in the settings parameter decodes to JSON with the following structure:
{
"type":"null",
"html":"<script>alert('xss')</script>"
}
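For triaging reported or suspicious links, the hash format described above can be decoded and checked offline. The following is an added example, not code from the plugin or from the original advisory; the function name, the finding labels and the list of known lightbox types are assumptions made for illustration.

```javascript
// Added example: triage helper for links carrying an "elementor-action" hash.
// ASSUMED_KNOWN_TYPES is an illustrative assumption, not taken from the plugin.
const ASSUMED_KNOWN_TYPES = new Set(['image', 'video', 'slideshow']);

function inspectElementorActionUrl(rawUrl) {
  const result = { isAction: false, action: null, settings: null, findings: [] };
  let hash;
  try {
    hash = new URL(rawUrl).hash;
  } catch (e) {
    result.findings.push('unparseable-url');
    return result;
  }
  const prefix = '#elementor-action:';
  if (!hash.startsWith(prefix)) return result;
  result.isAction = true;

  const params = new URLSearchParams(hash.slice(prefix.length));
  result.action = params.get('action');
  // URLSearchParams turns "+" into a space; restore it before base64-decoding.
  const b64 = (params.get('settings') || '').replace(/ /g, '+');
  if (!b64) return result;

  try {
    result.settings = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  } catch (e) {
    result.findings.push('settings-not-json');
    return result;
  }
  const { type, html } = result.settings;
  // A type outside the expected set is what a switch "default case" would receive.
  if (result.action === 'lightbox' && !ASSUMED_KNOWN_TYPES.has(type)) {
    result.findings.push('unrecognised-lightbox-type');
  }
  // Any tag-like sequence in the "html" setting is worth a closer look.
  if (typeof html === 'string' && /<[a-z!\/]/i.test(html)) {
    result.findings.push('html-markup-in-settings');
  }
  return result;
}

// The sample URL published in this advisory.
const sample = 'https://example.com/#elementor-action:action=lightbox&settings=' +
  'eyJ0eXBlIjoibnVsbCIsImh0bWwiOiI8c2NyaXB0PmFsZXJ0KCd4c3MnKTwvc2NyaXB0PiJ9';
console.log(inspectElementorActionUrl(sample));
```

The URL fragment is never sent to the web server, so this check applies to places where full URLs are captured (reported links, mail gateways, browser-side telemetry), not to server access logs.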
This vulnerability has been fixed in version 3.1.4. If you are using Elementor to build your site, I would recommend upgrading to the latest version.
To fix the vulnerability, the developer team have removed the “default case” in the switch (line 165).