Stored XSS vulnerability in Amazing Little Poll versions 1.3 and 1.4: Remote code execution via lp_admin.php parameters.

Stored XSS vulnerability in Amazing Little Poll versions 1.3 and 1.4: Remote code execution via lp_admin.php parameters.

CVE-2023-6769 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Stored XSS vulnerability in Amazing Little Poll, affecting versions 1.3 and 1.4. This vulnerability allows a remote attacker to store a malicious JavaScript payload in the "lp_admin.php" file in the "question" and "item" parameters. This vulnerability could lead to malicious JavaScript execution while the page is loading.

Learn more about our Web Application Penetration Testing UK.