Stored XSS vulnerability in Amazing Little Poll versions 1.3 and 1.4: Remote code execution via lp_admin.php parameters.
CVE-2023-6769 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Stored XSS vulnerability in Amazing Little Poll, affecting versions 1.3 and 1.4. This vulnerability allows a remote attacker to store a malicious JavaScript payload in the "lp_admin.php" file in the "question" and "item" parameters. This vulnerability could lead to malicious JavaScript execution while the page is loading.
Learn more about our Web Application Penetration Testing UK.