From b60230b4233c11a1e5f08bca2a7c4e7dbe95354c Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Thu, 17 Aug 2023 14:42:24 +0530 Subject: [PATCH] fix template with remediation --- http/cves/2022/CVE-2022-1756.yaml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/http/cves/2022/CVE-2022-1756.yaml b/http/cves/2022/CVE-2022-1756.yaml index 4047519b5e..3e47f65b6d 100644 --- a/http/cves/2022/CVE-2022-1756.yaml +++ b/http/cves/2022/CVE-2022-1756.yaml @@ -5,10 +5,12 @@ info: author: Harsh severity: medium description: | - The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below. + The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below. + remediation: Fixed in version 7.4.5 reference: - https://wpscan.com/vulnerability/6ad407fe-db2b-41fb-834b-dd8c4f62b072 - https://nvd.nist.gov/vuln/detail/CVE-2022-1756 + - https://wordpress.org/plugins/newsletter/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -16,7 +18,10 @@ info: cwe-id: CWE-79 metadata: verified: true - tags: cve,cve2022,xss,reflected + publicwww-query: "/wp-content/plugins/newsletter/" + max-request: 2 + tags: cve,cve2022,newsletter,xss,authenticated + http: - raw: - | @@ -34,6 +39,5 @@ http: - type: dsl dsl: - 'status_code == 200' - - 'contains(body, "newsletter")' - - 'contains(body, "document.domain")' + - 'contains(body, "newsletter") && contains(body, ">")' condition: and