Update CVE-2023-2309.yaml

main
Dhiyaneshwaran 2024-07-22 14:54:48 +05:30 committed by GitHub
parent bbba105bda
commit fbfb6abbed
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 3 deletions

View File

@ -11,19 +11,22 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2023-2309 - https://nvd.nist.gov/vuln/detail/CVE-2023-2309
- https://wpscan.com/vulnerability/1b3f4558-ea41-4749-9aa2-d3971fc9ca0d/ - https://wpscan.com/vulnerability/1b3f4558-ea41-4749-9aa2-d3971fc9ca0d/
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpforo/wpforo-forum-218-reflected-cross-site-scripting-via-wpforo-debug - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpforo/wpforo-forum-218-reflected-cross-site-scripting-via-wpforo-debug
- https://github.com/fkie-cad/nvd-json-data-feeds
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1 cvss-score: 6.1
cve-id: CVE-2023-2309 cve-id: CVE-2023-2309
epss-score: 0.00052 epss-score: 0.00052
epss-percentile: 0.20645 epss-percentile: 0.20793
cpe: cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:* cpe: cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:*
metadata: metadata:
verified: true
max-request: 1 max-request: 1
vendor: gvectors vendor: gvectors
product: wpforo_forum product: wpforo_forum
framework: wordpress framework: wordpress
tags: xss,wpscan,cve,cve2023,wp-plugin publicwww-query: "/wp-content/plugins/wpforo/"
tags: cve,cve2023,wordpress,wpforo,wpscan,wp-plugin,wp,xss
http: http:
- raw: - raw:
@ -34,6 +37,7 @@ http:
matchers: matchers:
- type: dsl - type: dsl
dsl: dsl:
- 'contains(body,"<script>alert(/document.domain/)</script>") && contains(header,"text/html")' - 'contains_all(body,"<script>alert(/document.domain/)</script>","wpforo")'
- 'contains(header,"text/html")'
- 'status_code == 200' - 'status_code == 200'
condition: and condition: and