daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2022/CVE-2022-3933.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-03-28 16:12:22 -04:00
parent 447f77a792
commit 2056a3e7a6
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cves/2022/CVE-2022-3933.yaml
View File

@ -1,12 +1,12 @@
id: CVE-2022-3933
info:
name: Essential Real Estate - Cross Site Scripting
name: WordPress Essential Real Estate <3.9.6 - Authenticated Cross-Site Scripting
author: r3Y3r53
severity: medium
description: |
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks.
remediation: Fixed in version 3.9.6
WordPress Essential Real Estate plugin before 3.9.6 contains an authenticated cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters, which can allow someone with a role as low as admin to inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow theft of cookie-based authentication credentials and launch of other attacks.
remediation: Fixed in version 3.9.6.
reference:
- https://wpscan.com/vulnerability/6395f3f1-5cdf-4c55-920c-accc0201baf4
- https://wordpress.org/plugins/essential-real-estate/advanced/
@ -42,3 +42,5 @@ requests:
- 'contains(body_2, "><script>alert(document.domain)</script>")'
- 'contains(body_2, "ere_property_gallery")'
condition: and
# Enhanced by md on 2023/03/28