CVE-2020-29172 is a cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin for WordPress prior to 3.6.1, exploitable through the Server IP option. The plugin does not sanitize invalid IPs given in its Toolbox page before displaying them in an error message, which makes this a stored XSS. XSS is the second most common problem in the OWASP Top 10, appearing in almost two-thirds of all applications.
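
The flaw class described above, shown as an added example that is not the plugin's own code: a rejected "server IP" value echoed into an error message, next to a version that validates on input and escapes on output. All function names and sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added illustration. Function names are hypothetical, not LiteSpeed Cache code.

// Unsafe pattern: the rejected value is placed into the error markup verbatim,
// so any HTML in it becomes part of the admin page.
function render_ip_error_unsafe(string $submitted): string
{
    return '<div class="error">Invalid server IP: ' . $submitted . '</div>';
}

// Hardened, step 1: validate at input. Only a syntactically valid IPv4/IPv6
// address is ever returned for storage; anything else yields null.
function normalize_server_ip(string $raw): ?string
{
    $ip = filter_var(trim($raw), FILTER_VALIDATE_IP);
    return $ip === false ? null : $ip;
}

// Hardened, step 2: escape at output, regardless of what validation did.
// (Inside WordPress, esc_html() is the usual output escaper for this context.)
function render_ip_error_safe(string $submitted): string
{
    $escaped = htmlspecialchars($submitted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="error">Invalid server IP: ' . $escaped . '</div>';
}

// Constructed sample inputs: two valid addresses, one malformed address,
// and one value carrying HTML markup.
$samples = ['203.0.113.10', '2001:db8::1', '999.1.1.1', '<b onmouseover=x>1.2.3.4</b>'];

foreach ($samples as $raw) {
    $ip = normalize_server_ip($raw);
    if ($ip !== null) {
        echo "stored: {$ip}\n";
        continue;
    }
    // Invalid input is never stored; compare the two renderings of the error.
    echo 'unsafe: ' . render_ip_error_unsafe($raw) . "\n";
    echo 'safe:   ' . render_ip_error_safe($raw) . "\n";
}
```

In the safe rendering the markup sample appears as inert text (`&lt;b onmouseover=x&gt;...`), while the unsafe rendering passes the tag through unchanged.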

Key Pointers:

  • Introduction to LiteSpeed Cache Vulnerability and XSS
  • Taking a look at the severity of the vulnerability
  • Making a note on the remediation for the vulnerability
  • Setting up the lab and understanding the exploitation scenario
  • Performing the exploit in the lab environment