DEV Community

Sanzeeb Aryal

How can authenticated XSS occur?

Pre-script: I am writing this because I just learnt something.

Obviously, cross-site scripting (XSS) is critical when the vulnerable page is public. But authenticated XSS... why would an authenticated user inject the script themselves? They won't, but they might be tricked into it. I recently encountered an authenticated XSS in one of my WordPress plugins. The page displays the entries for the form ID provided in the URL, and only administrators have the capability to view the form entries page.

On the admin dashboard, the URL below displays the entries of form ID 8.

http://sanjeebaryal.com.np/wp-admin/admin.php?page=entries-for-wpforms&form_id=8

The form ID from the URL is passed on to the database query, so the page can easily be vulnerable if that value is not sanitized properly.

http://sanjeebaryal.com.np/wp-admin/admin.php?page=entries-for-wpforms&form_id=8<script>alert('XSS');</script>

An authenticated administrator won't inject something like that themselves, but they might be tricked into it. Suppose I am logged in to my WordPress dashboard and someone sends me a link like the one above (links can be shortened and prettified), and I click it. That is authenticated XSS.

You should also sanitize the SQL order and orderby parameters in WordPress.
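To make the two points above concrete (the reflected form_id and the order/orderby parameters), here is an added illustration written for this post; it is not code from the plugin. It shows an admin-page handler first in the unsafe shape, then hardened with the sanitization, escaping and query helpers WordPress ships. The function names, the text domain `efw`, the column names and the table name `{$wpdb->prefix}efw_entries` are all hypothetical.

```php
<?php
/**
 * Added illustration, not the plugin's own code. Function names, the text
 * domain 'efw', the column names and the table name are hypothetical.
 */

// VULNERABLE SHAPE: request values are used as-is.
// A URL such as admin.php?page=entries-for-wpforms&form_id=8<script>alert('XSS');</script>
// reaches both the HTML output and the SQL query untouched.
function efw_render_entries_vulnerable() {
    global $wpdb;

    $form_id = $_GET['form_id']; // untrusted string, not an integer
    $orderby = $_GET['orderby']; // untrusted column name

    // Reflected XSS: the raw value is written into the page.
    echo '<h1>Entries for form ' . $form_id . '</h1>';

    // SQL injection: interpolated without prepare(); an ORDER BY column
    // cannot be a bound parameter, so it needs an allowlist instead.
    $rows = $wpdb->get_results(
        "SELECT * FROM {$wpdb->prefix}efw_entries WHERE form_id = $form_id ORDER BY $orderby"
    );
    foreach ( $rows as $row ) {
        echo '<tr><td>' . $row->status . '</td></tr>'; // stored values also unescaped
    }
}

// HARDENED SHAPE: validate on input, allowlist identifiers, escape on output.
function efw_render_entries_hardened() {
    global $wpdb;

    // Only administrators may see entries (the premise of the post).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You do not have permission to view form entries.', 'efw' ) );
    }

    // form_id: coerce to a non-negative integer; "8<script>..." becomes 8.
    $form_id = isset( $_GET['form_id'] ) ? absint( wp_unslash( $_GET['form_id'] ) ) : 0;
    if ( 0 === $form_id ) {
        wp_die( esc_html__( 'Invalid form ID.', 'efw' ) );
    }

    // orderby: must match a real column; anything else falls back to the default.
    $allowed_orderby = array( 'entry_id', 'date_created', 'status' );
    $orderby = isset( $_GET['orderby'] ) ? sanitize_key( wp_unslash( $_GET['orderby'] ) ) : 'entry_id';
    if ( ! in_array( $orderby, $allowed_orderby, true ) ) {
        $orderby = 'entry_id';
    }

    // order: exactly two acceptable values.
    $order = ( isset( $_GET['order'] ) && 'asc' === strtolower( wp_unslash( $_GET['order'] ) ) ) ? 'ASC' : 'DESC';

    // Output escaping: esc_html() for text nodes.
    echo '<h1>' . esc_html( sprintf( 'Entries for form %d', $form_id ) ) . '</h1>';

    // Data values go through prepare(); the identifiers were allowlisted above.
    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT entry_id, date_created, status FROM {$wpdb->prefix}efw_entries
             WHERE form_id = %d ORDER BY $orderby $order LIMIT %d",
            $form_id,
            50
        )
    );

    // Escape every value at the point of output, attributes and text separately.
    foreach ( $rows as $row ) {
        printf(
            '<tr data-entry="%s"><td>%s</td><td>%s</td></tr>',
            esc_attr( $row->entry_id ),
            esc_html( $row->date_created ),
            esc_html( $row->status )
        );
    }
}
```

The hardened version relies on the fact that `absint()` discards everything after the leading digits, so the script tag in the example URL never survives parsing, and on the allowlist for `orderby` and `order`, since those are SQL identifiers that `$wpdb->prepare()` cannot bind. WordPress also provides `sanitize_sql_orderby()` for the same purpose; an explicit list of known column names is used here because it is easier to review.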

I hope it's helpful!
