daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update wp-ambience-xss.yaml

patch-1
Ritik Chaddha 2022-08-10 14:50:05 +05:30 committed by GitHub
parent 0bbe2ff881
commit 0ba0e74aa1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
vulnerabilities/wordpress/wp-ambience-xss.yaml
View File

@ -4,10 +4,12 @@ info:
name: WordPress Theme Ambience <= 1.0 - Cross-Site Scripting (XSS) name: WordPress Theme Ambience <= 1.0 - Cross-Site Scripting (XSS)
author: daffainfo author: daffainfo
severity: medium severity: medium
description: |
The ambience WordPress theme was affected by a Cross-Site Scripting (XSS) security vulnerability.
reference: reference:
- https://www.exploit-db.com/exploits/38568 - https://www.exploit-db.com/exploits/38568
- https://wpscan.com/vulnerability/c465e5c1-fe43-40e9-894a-97b8ac462381 - https://wpscan.com/vulnerability/c465e5c1-fe43-40e9-894a-97b8ac462381
tags: wordpress,xss,wp-plugin tags: wordpress,xss,wp-plugin,wp
requests: requests:
- method: GET - method: GET
@ -17,9 +19,9 @@ requests:
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
part: body
words: words:
- "<body onload=alert(1)>" - "<body onload=alert(1)>"
part: body
- type: word - type: word
part: header part: header