Fix: CVE-2022-4321 (#8330)

* Fix: CVE-2022-4321

* added metadata

---------

Co-authored-by: rivers <HuTa0@HuTa0-MacBook-Pro.local>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
patch-1
HuTa0 2023-10-08 14:26:49 +08:00 committed by GitHub
parent 6b3707c572
commit aea032a150
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions

@ -2,7 +2,7 @@ id: CVE-2022-4321
info:
name: PDF Generator for WordPress < 1.1.2 - Cross Site Scripting
author: r3Y3r53
author: r3Y3r53,HuTa0
severity: medium
description: |
The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin
@ -25,6 +25,7 @@ info:
vendor: wpswings
product: pdf_generator_for_wordpress
framework: wordpress
publicwww-query: "/wp-content/plugins/pdf-generator-for-wp"
tags: cve,cve2022,wpscan,wordpress,wp,wp-plugin,xss,pdf-generator-for-wp
http:
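Review bot: the `publicwww-query` value "/wp-content/plugins/pdf-generator-for-wp" has no trailing slash, so it also matches any plugin directory whose slug merely starts with that string. Ending it with `/` would limit hits to this plugin. The query is also version-agnostic while the template name limits the issue to < 1.1.2, so results from it are candidates only and still need the template's matchers to confirm.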
@ -39,6 +40,7 @@ http:
words:
- '><script>alert(document.domain)</script>'
- 'pdf-generator-for-wp'
- 'Total execution time is'
condition: and
- type: word
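Review bot: in the `words:` list, requiring all three strings with `condition: and` is the right way to cut false positives, but nothing in the visible lines explains where 'Total execution time is' comes from or why it identifies the vulnerable dompdf example page. A one-line comment above the list would help the next maintainer. If this matcher does not already set `part: body` above the shown context, make it explicit. The following `- type: word` matcher is cut off here; confirm it pins the response `Content-Type` to `text/html`, since the reflected `<script>` string in a non-HTML response would not execute and should not be reported.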